Global Money Shift s.r.o. – Anti-Money Laundering & Knowing Your Customer Procedures
Global Money Shift s.r.o. – Anti-Money Laundering & Knowing Your Customer Procedures
In reply to today’s every growing money-laundering and online fraudulent behavior, firm and tight policies are employed by our operation to guard against damage caused by such activity. The software used to operate our financial operation has a robust anti-fraud engine designed to filter out suspected and fraudulent users. Once detected the mechanism generates alerts and performs different actions according to predefined rules.
Enhanced search parameters can be set to single-out different aspects of fraud and to prevent such users from repeat attempts.
The software management is continuously updated with requirements and rules as determined by the National Bank of Czech Republic. As a result procedures may be updated accordingly to reflect these guidelines, if and when required.
To provide high-level security at our operation the Fraud, Customer Support and Relationship Management departments work as a team.
One of the main tasks at our Company is developing a strong and trustworthy relationship between our users and our staff. All of user’s staff is made aware of the fraud and money laundering problems and are trained to handle such issues and provide necessary assistance including directing suspected transactions to the right authority and enforcement forces specialised in assisting such issues, were necessary.
Our highly trained representatives using manual checks and advanced software tools to contribute to increase and perpetuate this relationship and the security of both our users and ourselves. Throughout the user’s lifecycle, our staff uses these tools and procedures to find, be alerted and take action against fraudulent activities. The following user actions are screened:
• Account registration.
• Payment method registration.
• Currency Exchange above 10,000 EUR or equivalent.
Note: As a preventative tool, our system does not transfer requested withdrawals for a user before their identity is verified.
There are two stages in this process; registering an account and registering a deposit or withdrawal method.
Registering an Account
When opening an account, the user is required to enter mandatory information into the registration form. If this information is not supplied the user cannot complete the registration process. Inaccurate information, such as an incorrect username, is detected by the system as the user continues the registration process. Once found the user is asked to supply documentation to authenticate their identity. The following mandatory information is required:
• Full name.
• Full address.
• Full phone number.
• Valid email address.
• Full date of birth.
Our system does not enable a user to continue registration if their date of birth indicates that they are under 18 years of age. In line with our legal obligations, we only accept users who are 18 years old or over. All newly registered users are subject to our KYC procedures and must provide us with the necessary documentation and identity verifications we require in order to verify the user’s identity. We believe we have imposed all the necessary controls in this area.
A Fraud alert is generated if there are mismatches between a user’s details and the information appearing on their deposit or withdrawal method. Although the user can continue registration they will not be able to deposit money using the such method.
Generally, when deposits are made or withdrawals requested, user may ask the user to provide different types of documentation. This includes:
• Copies of the user’s valid picture ID.
• Utility bills, as proof of address.
• Bank references, as proof of the source of money.
• Bank statements when required. For example, amount and method used for withdrawal.
• Country of origin – there are countries that are blocked from our services in accordance with FATF recommendation.
• There may be circumstances when a user is required to send notarized identification to validate their authenticity.
Throughout these stages the following chain of actions occurs:
1. Event check.
2. Alert validation.
4. Compliance decides to verify or not.
User activity is automatically checked according to rules and policies which are based on the following criteria:
User requests are initially answered by our Relationship Management department which is built of highly trained representatives working according to strong guidelines.
The following table discusses different criteria which are checked:
If the user is fraudulent their personal details may not be true. As such, the Company validates information through third parties. This include PEP checks with external sources
Does the IP address of the user’s computer match the location of the specified residential address? If not, then why? (this check will be available once the core banking system is fully deployed)
The signup date indicates the seniority of the user at our operation. Users who have been at our platform for a long time are least likely to be fraudulent.
Freemail is commonly used and can often be accessed from anywhere. However if the address starts with a name followed by numbers, for example firstname.lastname@example.org this could indicate that the user has more than one email address and may also have other accounts. The email address is checked if there are other similar accounts listed with other users.
Has the user deposited amount exceeding his profile?
Large deposits within the first 24 hours from when an account is created, and is not in accordance with the client’s profiling made on registration stage, may indicate that the user is trying to use our services for fraudulent or money laundering purposes.
Check if the user have patching amounts on deposit and withdrawal orders, indicating he is using the system to “funnel” funds through our services and create a placement opportunity.
If the currency defined for the account does not match the currency used by the defined country this could be suspicious. For example; why use Euro in the United States?
While the software has a tool for detecting duplicate accounts, fraudulent users who open several accounts will know how to enter false information. Therefore, we always check the following:
• Signup date, a fraudulent user or fraud ring will create multiple accounts within a relatively short period.
• IP address, although many internet connections are through a dynamic IP, several user accounts using the same or similar IP addresses may indicate a connection between them.
• Address, while the address itself will probably vary in the different accounts, format of the address and usage of uppercase and lowercase letters may indicate that they were created by the same person. For example, 53 Hancock st and 12 Dover st.
• Phone, as for email, the format of the phone number and usage of dashes between the numbers may indicate a pattern.
• Passwords, a fraudulent user may use the same or similar passwords in more than one account.
• In related accounts there is an automatic check for the account’s fraud history which can also be done manually.
Strict deposit limits and withdrawals policies are enforced, especially with new account holders.
• Perform extensive background checks.
• Limit access to information. Senior employees only have access to user documentation.
• Cross check summary reports.
• Screen calls and emails.
• Perform on-the-spot inspections.
• Block access to ex-employees.
Set parameters have been made for requesting documents.
• Bosnia and Herzegovina
• Democratic People’s Republic of Korea (DPRK)
• Sri Lanka
• Trinidad and Tobago
We are fully aware of the higher risks involved in remote onboarding, since users when registering are not physically present. We might therefore require additional documents from users for verification purposes during the registration stage as well as prior to processing a user’s request for withdrawal of funds. User documentation is essential for complying with AML and CTF regulations and for reducing fraudulent activity during the registration process. There are also criteria for requesting user documentation which have been defined according to fraud risk assessment and regulations applicable to our operation.
The most frequently requested documents for most user requests are for valid copies of the user’s picture ID which display their residency address. However, if the user’s current address is not listed, other documents such as utility bills or bank statements displaying the correct address are also accepted.
Other documents include a notarized copy of a picture ID for high withdrawals, or a bank letter reference acting as a letter of good standing for the user.
For corporate clients we request the following documents:
Certified Copies of company documents or if any of the directors or shareholder are a Company:
Certified Documents for each Director and Shareholder:
User shall follow the guidance issued by the National Bank of Czech Republic with regards to combating financing of terrorism and money laundering in line with the Money Laundering Regulations.
Behavioral patterns of a user are checked by our Compliance team. During the check the following are examined on the following triggers:
If fraudulent behavior is suspected we contact the user and ask for documents which verify their identity and supporting documents for the requested transaction (invoice, agreement, bill instruction). We may decide to withhold the withdrawal. However, once fraud is actually detected, we cancel the transaction, block the account until further investigative steps can be completed by the relevant authorities, including the Financial Intelligence Unit.
All withdrawal requests first follow our audit check procedure.
During an audit check the following checklist is used:
Check – The date that the user opened the account. Fraudulent users tend to act fast from the signup date, therefore new users are considered more likely to be fraudulent.
Action – New users depositing are asked for supporting documents.
First name, last name, zip code, email, and phone
Check – A search is made for conspicuous names such as, John Doe, or numbers such as, 0000000000.
Action – When located, the information is forwarded to the Fraud department for further investigation.
Check – A search for suspicious addresses or the address is verified by any available means. The billing address is checked that it is not a POB address.
Action – When suspicious the information is forwarded to the Fraud department for further investigation. The user is asked to supply additional proof of address document.
Check – Total amount of money deposited by the user since signup. This will help to assess the caliber of the user withdrawing.
Check – What is the total amount of money withdrawn by the user since account opening
Action – If a user has made a previous successful withdrawal it is added to the user’s credibility.
Total returns and total return reverses
Check – Is the amount zero or does the amount in Total returns equals the amount in Total return reverses.
Action – If the amount is not zero or does not equal zero notify the Fraud department.
Check – Payment method/s the user is using.
Action – The total amount deposited should be taken into consideration when requesting documentation from the user. The different methods are also checked to ascertain the alternative payment methods available for the user.
Check – Total amount (count of transactions) a user has deposited since account opened.
Action – The total amount and number of transactions deposited are taken into consideration when requesting documentation from the user.
To ensure full efficiency of AML procedures, we have set additional procedures for issuing large payments. These procedures may include additional documentation, approvals, checks and balances.
1. The following documents are requested:
2. Approval from the various internal parties, such as the relationship management is received.
3. A check on the software is made for blacklisted parties.
4. Check that the Fraud department has performed a fraud check on the account of the user requesting to withdraw the large sum.
We shall retain all documents provided by the users as part of our KYC procedure including supporting documents in respect of business relationships or occasional transactions for the maximum period established by law, which is for a total duration of five years from the end of the business relationship. Documents will not be retained for more than five years unless we have a specific purpose for doing so.
Reasons for longer retention period, which shall be determined on a case by case basis, may include:
Retention of other Records
In addition, we shall also retain the documents listed below:-
Our employees are fully trained to identify situations which do or which potentially might lead to money laundering or terrorist financing. If in the course of their business:-
that a user is engaged in money laundering or terrorist financing, they will immediately and without undue delay file a report with our Anti-Money Laundering Compliance Officer
If, following that report, the Anti-Money Laundering Compliance Officer determines that there are sufficient grounds for knowledge or suspicion, s/he shall escalate further and report the matter in accordance with the applicable law.
It shall be the responsibility of the Anti-Money Laundering Compliance Officer to ensure that all employees are:-
The Anti-Money Laundering Compliance Officer shall ensure that regular refresher training is given to existing employees on an annual basis and that this training will form part of the induction training for new employees. In addition, the Anti-Money Laundering Compliance Officer may impose a competence test on the employees following the training. Records of attendance as well as the results of any competence tests shall be retained by the Anti-Money Laundering Compliance.