AML Policy

1. Aim and scope

1.1. The purpose of this regulation concerning the prevention and the fight against money laundering (the “AML Policy“) is to ensure that SwissWallter SA (the “Company“) comply with anti-money laundering laws and regulations.

1.2. The AML Policy also applies to any subsidiary, branch or representative office of the Company, including abroad, pursuant to SO-FIT regulations. For this purpose, and depending on the circumstances, the term “Company” means any subsidiary, branch or representative Office.

2. Legal and regulatory framework 

2.1. The Company is affiliated to and directly supervised by the self-regulatory organization SO-FIT. SO-FIT regulations directly apply to the Company.

2.2. The Company shall comply with the provisions of the Federal law concerning the fight against money laundering and the financing of terrorism in the financial sector (the “AMLA“), the Ordinance on Combating Money Laundering and the financing of terrorism of 11 November 2015 (“AMLO“), art. 260quinquies, 305bis et 305ter of the Swiss Criminal Code of 21 December 1937 (the “SCC“), the regulations of SO-FIT and the Company’s AML Policy (together the “Applicable Regulations“).

2.3. The members of the Board of Directors and the Management as well as any employee of the Company shall receive a copy of the AML Policy that they must countersign. A copy of the countersigned AML Policy shall be kept in the Company’s files.  

2.4. This AML Policy is not intended to include all legal provisions in force on the fight against money laundering and the financing of terrorism. The Company shall ensure that its activity complies with the standards in force at all times. Furthermore, any other special or applicable provision, by virtue of the principle of primacy arising from other laws, ordinances, regulations, association rules and other directives is reserved.

3. Organisation and responsibilities

Board of directors

3.1. The Board of Directors is responsible for the organisation and monitoring of the Company to actively and effectively guarantee the fight against and prevention of money laundering and the financing of terrorism. 

3.2. The Board of Director approves the overall AML Policy and ensures its implementation as well as the following-up of the measures and instructions taken by the Company. The Board of Directors ensures that the AML Policy adequacy is regularly reviewed.

3.3. The Board of Directors develops a risk appetite and ensures that steps are taken by the Company to mitigate those risks.

3.4. The Board of Directors organises regular reviews (at least once a year) of all its business relationships involving increased risks who have made at least one transaction during the concerned year.

3.5. The Board of Directors appoints a person who is responsible to oversee the fight against and prevention of money laundering within the Company (the “AML Officer“).

Management

3.6. The Management decides on the implementation, monitoring, risk assessment and regular controls of business relationships presenting an increased risk. The Management decides on taking internal investigation measures and decides on appropriate measures in the event of non-compliance with the AML Policy and the Applicable Regulations by the Company’s staff. The Management may also decide on additional checks to be carried out in the presence of business relationships presenting an increased risk. In the event of a doubtful situation, a business relationship presenting an increased risk, a well-founded suspicion, a violation by the Company of the AML Policy or of Applicable Regulations, or in presence of an internal disagreement, the Management shall immediately inform the Board of Directors.

3.7. The Management is responsible of validating any announcement to the Money Laundering Reporting Office (the “MROS“). In the event of a communication to the MROS, the Management shall immediately inform the Board of Directors.

3.8. The acceptance of a high risk client, including PEP client, requires the approval of the Management.

3.9. The Management supervises the activities of the AML Officer, ensures it follows the proper SO-FIT trainings and, in particular, evaluates the reports submitted by the latter. The Management informs the Board of Directors of the status of the Company’s compliance with the AML Policy and the Applicable Regulations at the meetings of the Board of Directors and presents an annual report to the Board of Directors on this subject. If the AML Officer is a member of the Management, it shall not supervise its own activities.

AML Officer

3.10. The AML Officer has the necessary knowledge, experience and skills in AML to guarantee its duties and shall follow regular AML trainings on Applicable Regulations. 

3.11. The AML Officer submits a quarterly report and an annual report to the Management with a copy to the Board of Directors on its activities and the Company’s compliance with Applicable Regulations. The AML Officer shall immediately inform in writing the Management in the event of any breach by the Company of Applicable Provisions and, if necessary, refer the matter to the Board of Directors. The AML Officer may refer a matter to the Board of Directors at any time.

3.12. The AML Officer prepares any additional reports requested by the Board of Directors or Management, in particular in relation to contracting parties or potential contracting parties presenting increased risks.

3.13. The AML Officer makes additional verifications in the presence of high-risk clients or doubtful situations.

3.14. In order to complete its tasks, the AML Officer has the necessary powers within the Company to this end and has an unlimited right to information, its access and its consultation. 

4. The anti-money laundering function and outsourcing

4.1. Functions

4.1.1.The AML Officer completes, in particular, the following tasks:

I. Advice and support

    1. advise the Board of Directors, the Management and the Company’s employees on the application of anti-money laundering measures and Applicable Regulations;
    2. provide general and specific assistance to the Board of Directors, Management and all employees regarding questions on anti-money laundering.

II. Implementation and control of money laundering measures

  1. propose to the Management the internal organisational procedures concerning the fight against and prevention of money laundering and terrorism and provide re-evaluation suggestions where necessary;
  2. review of company’s marketing material;
  3. prepare AML Policy updates;
  4. proceed to an AML risk analysis on an annual basis and include it in the annual AML report;
  5. ensure that the Board of Directors, the Management and the Company’s employees are aware of the AML Policy and its annexes and any and all updates;
  6. organise and monitor basic training and continuous training on anti-money laundering and on Applicable Regulations for employees;
  7. monitor the execution of internal organisational procedures concerning AMLA;
  8. ensure that the Applicable Regulations are complied with within the Company;
  9. ensure that the Management receives the information required so they can decide whether to conclude or continue with business relationships in case of increased risks.
  10. ensure in particular compliance with the procedures for establishing business relationships and clarifications, risk classification and maintenance of the AML register of business relationships who have made at least one transaction during the concerned year;
  11. ensure that potential transactions in FIAT or digital assets correspond to the initial AML analysis of the contracting party;
  12. ensure the execution of appropriate measures in case of doubt and founded suspicion of money laundering or terrorist financing, particularly with regard to the communication to MROS, including preparing such communication, and the freezing of assets;
  13. define the parameters of the transaction monitoring system and ensure the processing of the reports generated by this system;
  14. ensure the preservation and archiving of business relationship files subject to the AMLA as mentioned in section 12 of the present AML Policy.

III. Reporting

  1. preparing quarterly reports and an annual report for the Management (including the risk analysis), with copy to the Board of Directors; Where applicable, preparing ad hoc reports in the event of a breach of Applicable Rules, including propositions of corrective measures.
  2. prepare the relevant documentation for the audit company and assist the Company before and during the audit.

4.2. Outsourcing

The Company may outsource certain essential tasks pertaining to the AML function provided that such outsourcing is made in compliance with Applicable Regulations, in particular SO-FIT Directive 10.

The Company may use digital tools to assist the Company in complying with its AML duties, provided that these tools comply with Applicable Regulations. Regarding digital onboarding, the Company ensures that the digital tool complies with FINMA Circular 2016/7.

5. Establishment of business relationships and renewal of checks

5.1. The establishment of business relationships includes the following four aspects:
  1. verification of the identity of the contracting party and determination of the beneficial owner and/or the controlling owner in accordance with Appendix I;
  2. preparation of the contracting party’s onboarding file in accordance with Appendix I;
  3. classification of the new business relationship into the corresponding risk category according to the criteria set out in section 8.2 hereunder ;
  4. proof of ownership for crypto assets (travel rule, based on FINMA’s Guidance 02/2019 Payments on Blockchain and any future guidelines).5.2. The Company shall verify the identity of the contracting party, the beneficial owner and/or the controlling owner, as well as the contracting party’s authority on any wallet, before establishing any business relationship. The Company shall follow the process described in Appendix I. The Company complies notably with the online identification process set in FINMA’s Circular 2016/7 Video and online onboarding of 3 March 2016 (FINMA Circ. 16/7). 5.3. Before opening an account, and on an ongoing basis, the AML Officer will check that the customer does not have a nationality and/or domicile and/or carries on business in a country that is presenting an increased risk or is deemed non-cooperative in the fight against money laundering and terrorist financing by the FATF or FINMA (Appendix IV). 5.4. Before opening an account, and on an ongoing basis, the AML Officer will check to ensure that a customer does not appear on a sanctions/embargo lists of the State Secretariat for Economic Affairs SECO, the United Nations, the European Union and/or the United States, or is not engaging in transactions that are prohibited in this framework (Appendix III). 5.5. The AML Officer ensures that all documents and information are regularly updated. 5.6. The preparation of the file for entering into a business relationship is the responsibility of the person in direct contact with the contracting party, under the supervision of the Compliance Officer. 5.7. The AML Officer must ensure that all required documents and information are collected. In the event of increased risks, the AML Officer shall proceed in accordance with section 8.2.3 of the AML Policy. 5.8. Verification of the identity of the contracting partner or of the controlling party or the beneficial owner of the assets must be repeated during the course of the business relationship if any doubt arises as to:
  • the correctness of the indications concerning the identity of the contracting party or the controlling owner or beneficial owner;
  • the fact that the contracting party or the controlling owner is itself the beneficial owner of the assets;
  • the correctness of the declaration submitted by the contracting party or the controlling owner regarding the beneficial owner of the assets.
  • 5.9. The acceptance of any business relationship presenting increased risks must be decided by the Management. Acceptance decisions shall be documented in writing.

6. General diligence and control principles

6.1. The degree of diligence and control required when establishing a business relationship and for its monitoring depends on the risk presented by the business relationship or the transaction concerned in accordance with the criteria defined in section 9 here below. 

6.2. When establishing a new business relationship, the Company must identify the contracting party, the beneficial owner or the controlling owner, gather the documents necessary to classify the business relationship by the level of risk and, if necessary, carry out additional clarifications. To this end, the AML Officer shall ensure that all the required supporting documents have been collected.

6.3. The Company has sufficient technical equipment to detect when cumulative inflows bring the Contracting party above his tier (in terms of AML thresholds) and takes measures to avoid any possible accumulation of the amount limits.

6.4. The Company maintains a list of “increased risk” countries, including countries that present an increased risk or are deemed non-cooperative in the fight against money laundering and terrorist financing by the FATF or FINMA or sanctions/embargo lists of the State Secretariat for Economic Affairs SECO, the United Nations, the European Union and/or the United States (Appendices III and IV). Because the sanctions/embargo lists and listings are updated frequently, the Company will consult them on a regular basis and subscribe to receive any available updates when they occur. With respect to the list, the Company may also access that list through various software programs to ensure speed and accuracy. 

7. Prohibited assets and business relationships

7.1. The Company is prohibited from accepting assets which it knows or must assume originate from a felony or aggravated tax misdemeanour, even if the felony or misdemeanour was committed abroad.

7.2. The Company is prohibited from concluding business relationships:

  1. with undertakings or persons known or suspected to be financing terrorism or constituting a criminal organisation, or to be members or supporters of such an organisation;
  2. with undertakings or individuals known to be engaged in any illegal activity involved or supporting financial crime or human trafficking or Financial Pyramid (Ponzi schemes), Money Mules schemes, Pump & Dump Schemes, Boiler Room Schemes, drug trafficking or any form of illegal activities;
  3. with banks that do not have a physical presence in the State under the law of which they are organised (shell banks), unless they are part of a financial group subject to adequate consolidated supervision.7.3. The Company may not conclude business relationships presenting an increased risk as set out in art. 8.2.3 with persons for whom the Company is aware that they are the subject of criminal proceedings for a felony, aggravated tax misdemeanour or financial offence within the meaning of the SCC.

    7.4. Should the Company receive on its wallet any digital assets that do not correspond to the established AML analysis of the counterparty, if additional AML verifications lead to a situation described above at sections 7.1 to 7.3, the Company is prohibited from accepting the digital assets and shall proceed according to sections 11 and 12 below.

8. Risk classification and procedures

8.1. General principles

8.1.1. The Company implements an effective procedure to systematically detect business relationships and transactions that represent increased risks and require clarification of their financial background and increased vigilance when it comes to money laundering.

8.1.2. The Company’s business relationships are subject to classification. Each client is to be attributed with a risk score: low, medium or high (increased risks).

This classification is applied to each business relationship from its commencement and throughout its existence and is periodically updated by the AML Officer. Each business relationship will be classified in one of the three categories set out in section 8.2 of the AML Policy based on the risk it involves.

8.2. Risk classification

Business relationships presenting a low risk are those where the contracting party has the following cumulative criteria :

    • Located in country that does not appear on the list of high-risk countries (Appendix IV),
    • Low-risk customers such as salaried individuals, whose identities and sources of income can be easily identified and transactions in whose accounts by and large conform to the known profile.
    • Low risk customers such as companies with a clearly defined, transparent, easily comprehendible business activity and financial background is easy to understand and verify.
    • No particular risk in terms of tax compliance.

The business relationship can be considered as without any particular risk in terms of tax compliance provided that the client provides proof of the tax compliance of his assets transferred to the Company. The following documents shall be considered as evidence:

  • The client’s tax declaration on which the Company notes that the client’s account is clearly indicated in the declaration;
  • A receipt from the tax authorities of the client’s domicile;
  • A confirmation from the client’s tax advisor;
  • A tax compliance statement signed by the client;
  • A payment statement from the client’s account with the Company to the tax authorities of the client’s country of residence.

    Besides, an individual who is citizen of a country participating to the automatic exchange of information is considered as low risk.

    8.2.1. Business relationships presenting an average risk

    Business relationships presenting an average risk are those that present neither a low risk nor an increased risk.

    8.2.2. Business relationships presenting an increased risk

    If a business relationship is deemed to present an increased risk, the procedure applicable is that set out in the current section of the AML Policy.

  1. Business relationships presenting an increased risk in relation to money laundering and financing of terrorism

Business relationships meeting 2 risk criteria from the list below (letters A to L) are considered as high risk, bearing in mind that :

  • If the country of nationality and domicile is the same, this counts as one criteria.
  • It is sufficient that the criterion is met for one or other of the contracting parties and/or beneficial owners.
  • Business relationships with PEPs and their close relatives, as defined in Appendix V, must in any case, irrespective of the fulfilment of another risk criteria, be considered as involving increased risks.
  • Business relationships with crypto companies must in any case, irrespective of the fulfilment of another risk criteria, be considered as involving increased risks.
  • Business relationships where the domicile, registered office or nationality of the contracting partner, the controlling party, the beneficial owner of the assets is a country which the FATF considers to be a high-risk or non-cooperative country and for which it calls for enhanced due diligence (i.e. countries subject to a call for action) are forbidden.
  • Business relationships with a contracting partner or beneficial owner of the assets whose activity is carried out in a country that the FATF considers high-risk or non-cooperative and for which it calls for enhanced due diligence (i.e. countries subject to a call for action) are forbidden.

    The risk criteria for money laundering and terrorist financing are as follows:
  1. The contracting partner, controlling owner or beneficial owner has a registered address in a high-risk country (Appendix IV).
  2. The contracting partner or beneficial owner has a nationality that corresponds to a high risk country (Appendix IV).
  3. The co-contractor or the beneficial owner carries out its economic activity or makes frequent payments (if known) in a country with high risk (Appendix IV).
  4. The co-contractor or the beneficial owner carries out an economic activity that is included in the list of risky activities (Appendix IV).
  5. Neither the contracting partner nor the beneficial owner has been met physically or through digital channels that are in line with the requirements of FINMA Circ. 16/07.
  6. The client regularly requests products or services that are not customary for the Company.
  7. The client’s AML profile provides an expectation of transactions in excess of CHF 25’000.-.
  8. The transactions do not correspond to the client’s AML profile.
  9. Transactions done by the business relationship are regularly high risk transactions (i.e. more than 6 times per year), unless there is a recurring and explainable pattern.
  10. The contracting partner or beneficial owner is a complex structure as defined in Appendix VI.
  11. The contracting partner, controlling owner, beneficial owner or representative of the business relationship is a politically exposed person (PEP) or a close associate of a PEP as defined in Appendix V.

    Besides, the Company may at its own discretion classify a client as high risk even if the above criteria are not met. This may happen, for instance, in the following scenarios:

  • Customers who are reluctant in providing normal information while opening an account, providing minimal or fictitious information when applying to open an account;
  • Customers who decline to provide information;
  • Customer giving confusing details about a transaction;
  • Customer reluctant or refuses to state a purpose of a particular large/ complex transaction/source of funds involved or provides a questionable purpose and / or source;
  • High Risk: Trade in ammunition/arms, raw gemstones/diamonds; jewellery, international trade in exotic animals, casino and lottery business, financial intermediaries.

8.2.3 In the presence of increased risk, the AML Officer shall take all useful and necessary measures to clarify the financial background and the purpose of the transaction or a business relationship.

8.2.4. Transactions presenting an increased risk

The transactions presenting an increased risk are those where the transaction in question appears to be unusual particularly considering the contracting party’s financial background or transactions made in the past.

The following transactions are considered as increased-risk transactions:

  • The KYT shows a discrepancy from the original KYC, for instance, the digital assets transacting do not correspond to the whitelisted address or do not correspond to the announcements made by the client in the KYC;
  • When the forensic analysis (chain analysis by Chainalysis tool) reveals one of the following situations: mixing pattern, scam or Ponzi identified within the crypto community, known hacks of exchange or DeFi protocols, coins or assets tainted with dark web provenance or phishing and malware activity, link to stolen assets.
  • When the forensic analysis links to a cluster officially blacklisted within the Swiss, EU or US sanction list.
  • The contracting party engages in small transactions without any valid rationale (smurfing behaviour).
  • The nature, type, size and adequacy of any transaction falls outside the expected scope of the relevant transaction in relation to the pre-established AML file of the particular business relation.
  • Payments made from or to a country that the FATF considers to be high-risk or uncooperative.
  • Transactions with an equivalent value in excess of CHF 25’000, in one go or in several transactions in one year.

    In the presence of increased risk, the AML Officer shall take all useful and necessary measures to clarify the financial background and the purpose of the transaction or a business relationship.

9. Internal procedures

9.1. Procedure in case of low risk

In business relationships presenting a low risk according to the criteria defined in section 8, the Company applies the procedures mentioned in sections 5, 6 and Appendix 1.

9.2. Procedure in case of average risk

In business relationships presenting an average risk according to the criteria defined in section 8, the Company applies the procedure in sections 5, 6 and Appendix 1.

9.3. Procedure in case of increased risk

In business relationships presenting an increased risk according to the criteria defined in section 8 and in transactions presenting an increased risk within the meaning of section 8.2.4 here above, the AML Officer decides on additional measures to evaluate the risk, consisting notably of gathering more complete information to clarify the economic background. Where complementary measures are deemed necessary, these are implemented by the AML Officer as soon as possible.

  1. In business relationships presenting an increased risk according to the PEP criteria:
    • The opening of a PEP business relationship is carried out upon the decision of the management. The Company documents the file of the business relationship concerned.
  2. In business relationships presenting a change of risk status from low or medium to high risk:
    • When an already existing business relationship at a normal risk becomes a PEP business relationship or high risk client, the Company shall immediately inform the AML Officer who shall proceed and/or have further clarifications carried out as described above. Further clarifications should be made as soon as possible. The AML Officer shall present a file of the business relationship concerned to the Management, who shall decide whether or not to continue the business relationship.
  3. In business relationships presenting a change of risk status high risk to medium or low risk:
    • With regard to the termination of the PEP classification of a business relationship when a person with a PEP status no longer performs public service, the relationship shall nevertheless remain classified as a PEP relationship. Exceptions to this rule are applied for persons with a Swiss PEP status, in which case the relationship is no longer considered as a PEP no earlier than 18 months after the end of the PEP status. In such a case, the Management decides that the Swiss PEP business relationship is no longer categorized as a PEP.
  4. In business relationships presenting an increased risk other than according to the PEP criteria:
    • The responsible member of the Board of Directors is responsible for reassessing the relevance of the business relationship every six months.

9.3.1. Complementary measures

The AML Officer may decide to implement additional measures to evaluate the risk, consisting notably of gathering more complete information on the economic background of the contracting party and/or the beneficial owner and controlling owner or the economic background of the transaction. Where complementary measures are deemed necessary, these are implemented by the AML Officer as soon as possible.

10. Procedure in presence of suspicions and MROS reporting

10.1. Each member of the Management and the Board of Directors, as well as each employee, must inform the AML Officer if he/she becomes aware of the existence of suspected involvement of the assets in the business relationship with (art. 9 para. 1 let. a AMLA):

  • are connected to an offence in terms of art. 260ter SCC;
  • derive from the proceeds of a felony or aggravated tax misdemeanour (art. 305bis SCC);
  • are subjected to the power of disposal of a criminal organisation;
  • serve to the financing of terrorism (art. 260quinquies para. 1 SCC).

10.2. Each member of the Management and the Board of Directors, as well as each employee, must inform the AML Officer if the data on a contracting party, beneficial owner or an authorised signatory are identical or very similar to the data provided to the Company by FINMA, the Federal Commission on Gambling (FGB) or a self-regulatory organisation.

10.3. If there are doubts (suspicions) within the meaning of art. 9 AMLA, the AML Officer informs the Management and the Board of Directors. If further clarifications are unsuccessful and in presence of a ”reasonable suspicion” (“soupçon fondé“) pursuant to art. 9 para. 1 let. a AMLA and art. 9 para. 1quarter AMLA (and as defined at clause 10.4 below) and/or if the Company interrupts negotiations to establish a business relationships because of well-founded suspicion according to art. 9 AMLA and/or if the company knows or has reason to assume that the data of a contracting party, beneficial owner or authorised signatory are identical or very similar to the data provided to the Company by FINMA, the FGB or a self-regulatory organisation, the Management shall immediately proceed to informing the MROS and, if necessary, take the appropriate measures in accordance with the paragraphs below, with the assistance of the Compliance Officer. The Management and the Compliance Officer shall keep the Board of Directors informed.

10.4. There is reasonable suspicion (“soupçon fondé”) if the Company has concrete evidence or several indications that the criteria defined in Art. 9 para. 1 let. a AMLA (see clause 10.1 above) could be fulfilled for the assets involved in the business relationship and the additional clarifications carried out in accordance with Art. 6 AMLA do not dispel the suspicion.

10.5. If the Company cannot establish any reasonable suspicion and decides not to communicate to the MROS despite remaining doubts, the AML Officer shall document the motives of this decision.

10.6. It is forbidden to inform the involved persons (contracting party, the beneficial owner, the controlling owner or the representative of the business relationship) that a communication was made to the MROS according to art. 10a AMLA.

10.7. If the Company terminates the business relationship without proceeding to a communication to the MROS, it shall proceed according to art. 32 ff AMLO-FINMA that is applied by analogy.

10.8. The Compliance Officer shall inform SO-FIT of any communications to the MROS.  A copy of any communication made by the Company shall be sent spontaneously and without delay to SO-FIT.

10.9. During the analysis carried out by the MROS, the Company shall execute client orders relating to assets reported under art. 9 para. 1 let. a AMLA or under art. 305ter para. 2 SCC. It shall only execute client orders relating to significant assets in a form that enables the prosecution authorities to trace them.

10.10. The Company may not terminate the business relationship if the conditions of a report to the MROS pursuant to art. 9 AMLA are fulfilled or if he exercises his right of report pursuant to art. 305ter para. 2 SCC. In presence of a reasonable suspicion, Company may terminate the business relationship only in the following circumstances:

(i) If, within 40 working days of a report under art. 9 para. 1 let. a AMLA or under art. 305ter para. 2 SCC, the MROS does not notify the Company that it is forwarding the reported information to a prosecuting authority. The termination of the business relationship and the date on which it occurred must be reported to MROS without delay;

(ii) If, after the MROS notifies the Company that it is forwarding the reported information to a prosecuting authority within the 40 days deadline, the prosecuting authority does not render a decision within 5 working days. The termination of the business relationship and the date on which it occurred does not need to be reported to the MROS;

(iii) If, after a report under art. 9 para. 1 let. c AML, the prosecuting authorities do not render a decision within 5 working days. The termination of the business relationship and the date on which it occurred does not need to be reported to the MROS;

(iv) If, after a freezing order has been issued by the prosecuting authority on the basis of a report pursuant to Art. 9 Para. 1 AMLA or Art. 305ter Para. 2 SCC, the Company is informed that the freezing order has been lifted, unless in presence of other other communications of the prosecuting authorities. The termination of the business relationship and the date on which it occurred does not need to be reported to the MROS.

The Company may only authorise the withdrawal of significant assets in a form that enables the prosecuting authorities to trace them. The prohibition of disclosure under Art. 10a para. 1 AMLA (ban on information) must continue to be observed after the business relationship has been terminated.

10.11. If there are concrete signs that measures by an authority are imminent, the Company may not:

(i) terminate a business relationship in respect of which it decides not to exercise the right of disclosure under art. 305ter para. 2 SCC, even though the conditions for doing so are fulfilled;

(ii) authorize the withdrawal of significant assets.

10.12. If the Company terminates a business relationship in respect of which it decides not to exercise the right of disclosure under art. 305ter para. 2 SCC, even though the conditions for doing so are fulfilled, it may only authorise the withdrawal of significant assets in a form that enables the prosecution authorities to trace them.

10.13. If the Company informs another financial intermediary that it has made a report to the MROS, it shall record this in an appropriate form.

11. Freezing of assets 

11.1. Immediate freezing: the Company shall proceed to immediate freezing of assets in presence of any possible correspondence between the data of a client, beneficial owner or authorised signatory with the data provided to the Company by FINMA, the FGB or a self-regulatory organisation (art. 10 para. 1bis AMLA).

The assets remain frozen until the decision of the competent authority, but for a maximum of 5 working days as of the day of the communication to the MROS if the Company does not receive an order from the criminal prosecution authorities.

11.2. Delayed freezing: in presence of a communication based on art. 9 para.1 let. a AMLA or art. 305ter para. 2 SCC, the Company shall freeze the assets as soon as the MROS notifies that it transmitted the information to the prosecuting authorities. 

The assets remain frozen until the decision of the competent authority, but for a maximum of five working days as of the day of the notification of the transmission by MROS of the Company’s communication to the prosecuting authorities.

11.3. After the initial freezing period, the Company refers to the decision of the criminal prosecution authorities to freeze the assets. 

12. Business relationship register 

12.1. The Company keeps a register of business relationships containing the complete list of all business relationships subject to the AMLA (“AML Register“) in Switzerland. The AML Officer is responsible for the maintenance of the AML Register. 

12.2. When the Company is in a business relationship with a structure comprising several entities such as domiciliary companies, trusts or foundations, which are interrelated or which comprise at least one common beneficial owner, the AML Register and the file on each of the entities concerned must include an up-to-date section clearly describing the relationship that each of these entities has with all of the others, as well as the beneficial owner of each of them. In complex cases, an organisational overview must be drawn up. 

The AML Register may be fully digital provided it complies with legal requirements regarding digital records (see clause 16 below). An annual snap shot of the digital AML Register dated of 20 December of the ongoing year is kept in the Company’s digital archives. The Company conserves the snap shots of the digital AML Register for a period of ten years.

13. Employee training

13.1.The AML Officer is responsible for training the employees, particularly those in contact with the contracting parties follow a regular training.

13.2. The AML Officer shall notably ensure that the employees in contact with the Company’s contracting party and those newly employed receive, within six months following their employment, basic anti-money laundering training on Applicable Regulations. The AML Officer may request the assistance of a third party for such training.

13.3. The AML Officer takes the appropriate measures to ensure that the employees acquire a good knowledge of the following edicts:

  1. the provisions of the Swiss Criminal Code relating to the combat against money laundering and terrorism, more specifically:
    • financing participation in a criminal organisation (art. 260ter CP);
    • the financing of terrorism (art. 260quinquies CP);
    • acts of money laundering or of aggravated tax misdemeanour (art. 305bis CP);
    • a lack of vigilance in financial transactions (art. 305ter CP).
  2. the AMLA, AMLO and SO-FIT regulations;
  3. the ordinances, circulars and information letters of FINMA.

13.4. The AML Officer updates a legal watch related to the legal framework of the crypto industry on a bi-annual basis. The AML Officer may request the assistance of an external agent for such task.

13.5. The employees must acquire a good knowledge of the duties of financial intermediaries as provided for in these edicts and in particular of those concerning:  

– the verification of the identity of the contracting party and identification of the controlling party;

– the identification of the beneficial owner;

– ownership on wallets (travel rule)

– the indicia of money laundering or financing of terrorism;

– the risk-based approach;

– the clarification of business relationships and transactions;

– the retention of documents;

– the reporting of founded suspicions and freezing of assets.

13.6. The training and instructions given must be documented so that it is possible to provide this information if requested by the auditing company and/or by FINMA.  

13.7. The AML Officer ensures that knowledge is up to date and the level of vigilance remains high at all times. The AML Officer conducts periodic checks, at least once a year, of the level of knowledge of the persons subject to training within the Company.

14. Audits

14.1 The Company shall comply with AML audit requirements according to SO-FIT’s and the auditor’s instructions.

15. AML documentation

15.1 The Company keeps AML records containing the list of all business relationships subject to the AMLA. Each business relationship leads to a file being opened including at least the following documents (see Appendix 1):

  1. documents used to verify the contracting party’s identity;
  2. documents used to verify the identity of the ultimate beneficial owner’sand controlling owner’s identity;
  3. Signed form A/K in original copy;
  4. CV of the ultimate beneficial owner;
  5. Lexis Nexis and GlobalPass tools for Warnings, Sanctions, PEPs and Negative news;
  6. documents concerning ownership of wallets; (Travel Rule)
  7. documents concerning the examination of the source of funds andfinancial background; (Let’s get to know each other form)
  8. Chainalysis report (forensic / chain analysis on wallet)
  9. documents concerning their TAX identification number
  10. a ‘Know Your Customer form (KYC/KYB); (EDD form)
  11. a written note concerning the results obtained following the applicationof the risk criteria (increased risks); (risk profile)
  12. a written note or the documents related to the results of theclarifications provided for (including regarding transactions, high
    risks or suspicions);
  13. a copy of any communication to the MROS according to art. 9 para. 1 AMLAand art. 305ter SCC;
  14. decisions in criminal or AML matters notified by the prosecuting authorities;
  15. documents related to the transactions carried out.

15.2. The AML Officer shall ensure that the AML register and the AML files are complete and updated regularly. Only the AML Officer is authorised to modify the AML register within the Company. The periodicity, extent and method of verification of the AML register and AML files shall depend on the risk represented by the business relationship.

15.3. The Company also retains documents concerning transactions carried out (instructions of the contracting party, correspondence, detailed accounts, etc) as well as any documents required for clarification purposes, reporting or a decision not to report to the MROS.

16. Document retention

16.1. The AML Officer makes sure that all the documentation is organised and made available in Switzerland in a secured place accessible at all times and in accordance with applicable provisions, in particular art. 22 AMLO-FINMA that is applied by analogy.  

16.2. Conservation of documents in electronic format is subject to the requirements of art. 74 para. 4 AMLO-FINMA that is applied by analogy. The server used must be located in Switzerland, otherwise, the Company must be in possession of current physical or electronic copies of the relevant document in Switzerland and be accessible to the Company at all times.

16.3. The AML Officer classifies the documents separately with a report of any suspicions according to art. 9 AMLA and the execution of any freezing assets in accordance with art. 10 AMLA. 

16.4. Closed business relationships are classified in a separate location from ongoing relationships. They are kept for a period of ten years. The AML Officer is responsible for the safekeeping of closed business relationships and their destruction after the legal retention period.

16.5. The Company must retain AML documentation for a period of ten years following the end of the business relationship or the conclusion of the transaction. The retention period for documents related to a report to MROS is five years.

16.6. Conservation of documents is subject to the Directive 6 of SO-FIT. 

17. Entry into force, adoption and updates  

17.1. The last updates of this AML Policy are approved by the Board of Directors on 5 February 2024. Any changes or updates to this AML Policy must be approved by the Board of Directors. Appendixes to this AML Policy may be amended by the Compliance Officer, with the approval of Management. 

17.2 This AML Policy and its Appendixes enter into force on the day of its execution.

Appendix I – Internal process on client identification and transaction monitoring

All of the following documents are stored on the Company’s digital document management system (cloud based solution Amazon Web Services).

1. NATURAL PERSONS ONBOARDING

In order to start using SWISS WALLTER services, the potential customer must perform these steps:

a. To register on the platform, potential individual clients must visit the website (www.swisswallter.ch) and complete the registration process;

b. During the identification process, individual must verify his identity via the Identify or GlobalPass identity verification system (or any other approved identity verification system by the Board of Directors);

c. Provide valid and not older than 3 months Proof of address document;

d. Source of Wealth/Funds Declaration and supporting documents (when EDD applied);

e. Fill out and sign the “Let’s Get to Know Each Other” form.

2. CORPORATE CLIENT ONBOARDING

In order to start using SWISS WALLTER services, the potential customer must perform these steps

a. To register on the platform, potential corporate clients must visit the website (www.swisswallter.ch) and complete the registration process;

b. Verify the authorized person’s identity via the Identify or GlobalPass identity verification system (or any other approved identity verification system by the Board of Directors);

c. Provide valid passports or ID card copies of all company’s UBOs, shareholders, directors and authorised signatories;

d. Provide valid and no older than 3 months Proof of address documents for all company’s UBOs, shareholders, directors and authorised signatories;

e. Provide corporate documentation which depends on case-by-case onboarding:

  • Certificate of Incorporation and/or Extract from National registry;
  • Memorandum and Articles of Association or Bylaws;
  • Certificate of registered office;
  • Certificate of directors and secretary;
  • Certificate of shareholders;
  • Certificate of Incumbency, if applicable (replaces certificates of incorporation, registered office, directors and secretary, and shareholders);
  • If registered shareholders are acting as nominees for beneficial owners, a copy of the trust agreement between the nominee shareholder and the beneficial owners;
  • Power of Attorney (when there is an appointed authorised signatory);
  • Copy of the current Tax Identification Number (TIN) or its equivalent;
  • Recent audit TAX or TAX return, or recent financial statements reviewed or audited by a Certified Public Accountant (CPA). If the company is newly incorporated or inactive, the account application must include the financial statements of its shareholders, verified and signed by a CPA;
  • Recent bank statements;
  • Source of funds documentation;
  • Documents verifying the identity of registered shareholders and beneficial owners (passport, utility bill, and company reference);
  • Curriculum vitae (CV) of the major shareholder(s) (more than 15%) and board of directors;
  • Recent utility bill (dated within 3 months) reflecting the current address of the legal person;
  • Form K;
  • Signed and dated W8BENE form

The first set of documents may vary depending on business type, model and overall potential customer picture. If, during the sanctions and adverse media screening, it is visible that the customer or related parties (shareholders, beneficial owners, directors, authorised signatories) are:

  • Sanctioned – Compliance/Onboarding associate must initiate

“Sanctions reporting procedure” and inform about this AML Officer. NOTE: SwissWallter SA will not start a business relationship with the client.

  • Criminal record – Compliance/Onboarding associate must inform AML Officer about it and receive approval for Onboarding such client. After On-boarding confirmation was received Enhanced Due Diligence (EDD) On-boarding must be started.
  • Adverse media negative information – Compliance/Onboarding associate must review the provided information and if suspicious information was detected initiate EDD.
  • If any other non-standard situation arises – Compliance/Onboarding associate must review the provided information and if suspicious information was detected initiate EDD.

g. Once the identification process is successfully completed, the client must fill out and sign the “Let’s Get to Know Each Other” form. The application form should be completed in its entirety and signed by the client.

h. All financial institutions (FI) or cryptocurrency companies will be required to provide the following documents:

  • All mandatory documents or their equivalents
  • AML/Compliance policy
  • Any other relevant documents based on the specific situation
  • Valid copy of the license

I. Apostille on corporate documents: Apostille documents will be requested if a company is incorporated outside the EU/EEA or if there are any doubts regarding the authenticity of the presented documents.

j. For domicile companies, the completion of a Form A is mandatory

3. TRANSACTION MONITORING

The Company’s SEPA and SWIFT transaction monitoring is performed manually.

Each transaction is stopped and checked by Compliance associate separately. This way it is ensured that all transactions are reviewed and carefully checked.

Transactions can be executed only if it complies with the requirements that are listed below:

SEPA AND SWIFT TRANSACTIONS

  • Incoming and outgoing SEPA and SWIFT transactions can be only received from the same and sent to the Company does not proceed transactions to and from third parties;
  • The Client must provide his other bank account details in the KYC form. The Company processes transactions only to these accounts that are listed in the KYC form.
  • If the Client initiates a transaction to a new bank account that is not yet identified,
  • Client must provide truthful information about the new bank account and provide supporting documentation (bank statement or any other related documentation).
  • All transactions above 25’000.- CHF must be duly documented with extra supporting documents as contracts, bank account statements, invoices to perform a source of funds investigation.

TRANSACTIONS WITH CRYPTOCURRENCIES

  • Each client receives his unique exchange wallet (1 per cryptocurrency)
  • Once our system detects an inflow of cryptos to one of those unique wallets, a transfer record is automatically recorded in our system and given the status “Submitted” – that is the very first status
  • The system automatically checks the integrity of cryptocurrencies with its forensic / chain analysis digital tool (Chainalysis).
  • If the score generated is above 5.0 (Chainalysis), the system automatically freezes the exchange wallet and the Company contacts the client for explanations and clarifications.
  • If clarifications and/or explanations by client are not sufficient – the Company will reject and return the cryptocurrencies back to the sending address.
  • If the transaction receives a score below 5.0 – the system moves to the next step which is the travel rule test (see Appendix VII)
  • The system will then check the sending wallet against the client’s known whitelists (saved addresses that have successfully passed the travel rule test)
  • If the address already exists and had been approved for the corresponding client – the system will automatically change the status of the transaction to approve.
  • If the transaction originates from a new address, the system will bring up a dialogue screen on the client side – asking the client to send us photos/video/pdf evidence that the sending wallet really belongs to him (travel rule test). If the evidence is sufficient – the Company will approve the transaction manually.
  • If the client fails to prove the sending wallet belongs to him – the Company will reject the transaction.

Transactions can be stopped (put under an investigation) at any time by the Compliance Officer, and in any event in these cases:

  • The Client (who is already a client) was detected on possible sanctions lists, identified as possible PEP, is determined to have a criminal background or wishes to undertake an unusual transaction;
  • The transaction was sent to or received from an account/wallet that has not undertaken the travel rule test and is not listed in the Client’s Application form;

PROCESS

  • Compliance department reviews all transactions and performs cross check with the transaction details and information provided in the Application form and other KYC documents submitted by the Client.
  • If, after the detailed transactions check and document investigation there are additional questions, Client is requested to provide additional documentation. If the provided information and documents are sufficient and if it is determined that the Client and pending transaction does meet compliance guidelines and risk profile, the transaction is executed.
  • In other way, transaction is cancelled and returned to sender or back to client’s account.
  • Transaction details are reviewed making sure transfers are received from and are sent to the same entity which has an account at the Company.
  • The Company is waiting 5 business days to receive correct and sufficient documentation on each transaction. If customer is unable to provide documents within 5 working days, transaction is cancelled and returned back to sender or back to client’s account.

SUSPENDED TRANSACTION PROCEDURE:

Suspicious transactions can be suspended for up to 5 business days. During this period compliance department must collect and verify all required information to determine if the transaction in question must be executed or cancelled/suspended.

Compliance associate working with suspended transactions must perform these steps:

  • Client must be contacted in order to receive Source of Funds and other relevant documents. The employee is making sure that they are genuine and acceptable according to internal Policy and the provided information is sufficient to support Client’s actions and transfer’s certainty;
  • If no issues are found permission to execute suspended transaction is issued and transaction should be released immediately;
  • If the Client is not providing required information more than once or the provided information is suspected to be not genuine or suspicious, internal investigation is initiated;
  • If, during an internal investigation, it is determined, that Client is likely to be involved in prohibited/illegal activities, Client is reported to Money Laundering Reporting Office Switzerland (MROS) by AML Officer.

Appendix II – Risk scoring

The Company maintains a risk scoring in adequacy with this AML Policy for each client.

Hard risk factor

Risk rating

Crypto type of services / crypto operations

HIGH

Holding structure with 3 or more companies

HIGH

Domicile registration / legal address of the company

HIGH

Business structure with several jurisdictions 

HIGH

Digital onboarding of the company’s end clients

MEDIUM

If any of this risk factors is applicable to the client, the related risk rating overweight the score-based risk rating; HIGH risk rating prevails MEDIUM risk rating. 

As such, if a client has got a LOW risk factor based on risk scoring but HIGH risk factor is applicable to him, the final risk factor will be HIGH. If both MEDIUM and HIGH hard risk factors are applicable, the final risk factor will be HIGH.

The risk assessment is stored in the clients file and the risk level reported on the client profile of the Company’s platform.

Appendix III – Sanctions screening

1. Sanctions risk is the possibility that customers may use our products or services to evade sanctions and restrictions. To manage this risk, the Company screens such risks through following steps:

1.1. Explores whether the customer has any links to sanctioned countries, targeted sanctions or specific individuals and entities mentioned in sanctions lists,

1.2. Determine whether, and to what extent, a customer is exposed to sanctions – either directly or indirectly, e.g. through their business activities or transactions,

1.3. Assess the risk that a customer’s sanctions exposure represents to the Company. When assessing the sanctions risk, the first step is to determine whether, and to what extent, a customer is exposed to sanctions. This can take many forms, and some types of exposure are specific to corporates or individuals.

1.4. Evaluate the nature and level of the sanctions exposure and to determine whether we can accept it,

1.5. If the conclusion is that the risk to the Company is acceptable, follow the established process to seek approval for onboard.

2. The Company will review constantly any updates on the sanctions lists in Switzerland, European Union and United States as well as the UN Security Council Website concerning names designated in such lists issued pursuant to UN Security Council Resolutions 1267, 1988, 1989 as well as any related successor resolution issued by the UN or by the Special Sanctions Committees, to automatically and immediately freeze, without any delay and any prior notice, the funds, accounts, operations, or other assets in whatever form, (direct or indirect, joint) related to these names, as soon as such names are listed.

3. Furthermore, at such time as the Company receives notice that SECO has issued a list of known or suspected terrorists and identified the list as a list for identification purposes, the Company will, within a reasonable period of time after an account is opened, determine whether a customer appears on any such list of known or suspected terrorists or terrorist organizations issued by SECO. The Company will follow all guidance issued in connection with such lists.

Appendix IV – Prohibited, high-risk countries and high-risk professions

1. It is not allowed to enter into a business relationship where the domicile, registered office or nationality of the contracting partner, the control holder, the beneficial owner of the assets or the person with power of attorney over the account is a country which the FATF considers to be a high-risk or non-cooperative country and for which it calls for enhanced due diligence.

It is not allowed to enter into a business relationship with a contracting partner or beneficial owner of the assets whose activity is carried out in a country that the FATF considers high-risk or non-cooperative and for which it calls for increased due diligence is forbidden.

It is not allowed to enter into a business relationship where the domicile, registered office or nationality of the contracting partner, the control holder, the beneficial owner of the assets or the person with power of attorney over the account is a country under international sanctions recognised by Switzerland, European Union, United States and the UN Security Council.

It is not allowed to enter into a business relationship with a contracting partner or beneficial owner of the assets whose activity is carried out in a country that is under international sanctions recognised by Switzerland, European Union, United States and the UN Security Council.

2. The Company considers the following jurisdictions as high-risk countries:

2.1. Countries considered to be under increased monitoring by the Financial Action Task Force (FATF).

https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/Increased-monitoring-october-2023.html

2.2. Countries identified by EU as having strategic deficiencies in their AML/CFT regimes.

https://finance.ec.europa.eu/financial-crime/high-risk-third-countries-and-international-context-content-anti-money-laundering-and-countering_en

2.3. The following professions are deemed as high risk:

  • Art dealer
  • Diamond dealer;
  • Gemstone retail businesses and jewellery stores
  • Casino owners (producers or managers of the gaming industry – slot machines, casinos, bingos, etc.);
  • Currency exchange offices;
  • Arms/ammunitions dealers
  • Weapons manufacturing
  • International trade in exotic animals
  • Mining, oil and gas industry, especially when linked to developing countries.

Appendix V – Politically exposed persons

The following are in particular considered as PEPs:

Public function

The following positions or companies in Switzerland and abroad are considered to hold an important public function:

  • Head of State;
  • Head and member of a government;
  • Head and member of a parliament;
  • President of a political party;
  • Senior official serving in an administration, justice or an army;
  • Representative of a State (ambassador, consul, etc.);
  • King and Queen in charge of their office;
  • Representative of a public company (companies controlled by the State);
  • Public company;
  • Representative of international organisations;
  • Senior positions in intergovernmental organisations;
  • Senior positions in international sports federations.

For a PEP status, the concerned persons must hold one of the above-mentioned public functions at a national level.

When a person acts at a regional level, the PEP status may arise depending on the degree of autonomy or the size of the region for which the person concerned holds the public function mentioned above.

Close relatives

The family members and close associates of PEPs are individuals who are closely connected to persons mentioned here above (public function) either through their family or for social or professional reasons.

In particular, the following are considered to be close to a PEP:

  • Immediate members of the PEP’s family (brother, sister, descendants, ascendants, spouse, partner);
  • Individuals who, in a recognisable manner, are close to a PEP for personal reasons;
  • Individuals who have business relations with a PEP;
  • Companies in which a PEP holds the majority of the capital or in which the PEP occupies a senior position (member of the board of directors or general management).

Appendix VI – Complex structures

Structures with at least one of the following characteristics are considered complex structures:

  • More than two jurisdictions of domicile of the entities composing the structure without a clearly understandable reason
  • A trust with another trust as founder or beneficiary
  • The involvement of a nominee shareholder on a permanent basis in the structure in a jurisdiction qualified as non-transparent.
  • More than two domiciliary companies or similar structures constituting the structure without a clearly understandable reason or for short-term investment purposes.

Structures comprising a trust and an underlying company are not qualified as complex, as the reason for their creation is generally understandable due to the company’s business model.

APPENDIX VII – Travel rule

To comply with the Travel Rule FINMA guidance 02/2019 “payments on the blockchain”, the Company implemented the following rules to prove the ownership of the clients wallet.

All clients undergo the travel rule no matter the amounts involved.

Scenario 1: The Client white list in advance is the wallet address

  1. In the client panel, the client has access to a menu called “Add Crypto address”
  2. The panel asks the client for the following details:
    1. Network
    2. Wallet address
    3. Wallet source
    4. A declaration that the client is the owner of the wallet
    5. An upload Menu where the client can upload a video, photo, or pdf stating that he is the owner of the wallet (“Proof Documents”)
    6. Declaration is sent to the e-mail of the client and he needs to sign digitally what he submitted
  3. In the admin panel, the Company receives a message that a new wallet address was submitted.
  4. The Company runs checks (Name of Tool to check wallets) on the wallet address and controls the integrity of the proof of ownership (verification of Proof Documents)

In the event that the Company has a doubt on the Proof Documents, the Company requires that a Satoshi test be undertaken. If the Company has a doubt regarding the Satoshi test, it rejects the wallet.

Scenario 2: The client whitelist is the wallet address at the moment of the transaction

  1. The client receives a message to whitelist its new wallet and the process continue as in Scenario 1.