Anti-Money Laundering & Know Your Customer Screening Policy & Procedure

ANTI-MONEY LAUNDERING & SANCTIONS SCREENING POLICY

BACKGROUND

Anti-money laundering (AML) is the broad category of laws, rules, and procedures aimed at deterring money laundering. In 1970, Congress passed the Currency and Foreign Transactions Reporting Act commonly known as the Bank Secrecy Act (BSA), which established requirements for recordkeeping and reporting by private individuals, banks, and other financial institutions. The BSA was designed to help identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions. Under the BSA, financial institutions are required to assist U.S. government agencies in detecting and preventing money laundering, and:

  • Keep records of cash purchases of negotiable instruments;

  • File reports of cash transactions exceeding $10,000 (daily aggregate amount); and

  • Report suspicious activity that might signal criminal activity (e.g., money laundering, tax evasion).

As of April 1, 2013, financial institutions must use the BSA E-Filing System in order to submit Suspicious Activity Reports (SAR). A financial institution is required to file SAR no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of detection of the incident requiring the filing, a financial institution may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction.

An amendment to the BSA incorporates provisions of the USA PATRIOT Act, which requires financial institutions to adopt a Customer Identification Program (Know Your Customer (KYC)) as part of its BSA compliance program. The three components of KYC include the customer identification program (CIP), customer due diligence (CDD), and ongoing monitoring or enhanced due diligence (EDD) of a customer's account once it is established. CIP requires that financial institutions must obtain four pieces of identifying information about a client, including name, date of birth, address, and identification number (e.g., taxpayer identification number, social security number). CDD is a process in which all of a customer’s credentials are collected to verify their identity and evaluate their risk profile for suspicious account activity. EDD is used for customers that are at a higher risk of infiltration, terrorism financing, or money laundering and additional information collection is often necessary.

PURPOSE

This Policy and Procedure (PnP) has been created to document the steps required to deter, prevent, and detect potential money laundering and terrorist financing through the Kredit Platform (Platform).

POLICY

It is the policy of Kredit Financial Inc. (Kredit) to implement and maintain procedures and controls that ensure the requirements of the BSA and USA PATRIOT ACT are followed and to file a suspicious activity report when a qualifying incident has been detected.

SCOPE

This PnP applies to all consumers and Network Members who desire to utilize the Platform for financial transactions and applies to said transactions.

ROLES AND RESPONSIBILITIES

Kredit’s Chief Compliance Officer (CCO) is responsible for ensuring the procedures set forth in this PnP meet both the letter and spirit of the AML rules, laws, and procedures and for developing and implementing controls that ensure the procedures are being followed. The CCO is also responsible for reviewing this Policy on an annual basis.

Kredit’s Chief Executive Officer (CEO) is responsible for ensuring all consumers and Network Members are properly authenticated prior to permitting said persons to originate or receive payments through the Platform, monitoring for suspicious activity, and filing a SAR in the BSA E-Filing System within 30 days of detecting suspicious activity. The CEO may appoint one or more Kredit team members to support carrying out these activities; however, the CEO retains ultimate responsibility for ensuring the activities occur.

PROCEDURES

The procedures set forth below are organized into the following sections: Know Your Customer (Consumers and Network Members), Monitoring of Suspicious Activity, and Suspicious Activity Reporting

KNOW YOUR CUSTOMER (CONSUMER)

  1. Customer Identification Program (CIP): Kredit leverages a third-party service provider, Socure, to aid in verifying the identities of all individual consumers who desire to originate payments through the Platform.

    • The CIP for authenticating consumers starts by collecting the first and last name, email address, phone number, date of birth, the last four numbers of their social security number, and full residential address directly from the consumer.

    • The information is transmitted to Socure in real-time, and Socure provides either individual confirmation of the authenticity of each piece of information or their inability to confirm it.

    • Individuals whose identity cannot be confirmed are entered into a manual review queue. A Kredit team member individually requests additional authenticating information from the consumer in order to confirm their identity. Acceptable forms of additional authenticating information include a valid state driver’s license and/or a United States passport. Legible images of these documents must be submitted via email to support@trykredit.com, which are then reviewed by a Kredit team member, prior to a final decision being made to manually authenticate that individual or not.

  2. Customer Due Diligence (CDD): Kredit also utilizes Socure’s Standard Watchlist product to compare every consumer identity against a core set of sanctions and enforcement lists, including but not limited to OFAC SDN, US, Canada, and global lists including UN Consolidated, EU Sanctions, and UK HMT, Enforcement Lists including FinCEN Money Laundering Concerns, 311 Special Measures, OIG Exclusions, High Intensity Drug Trafficking Areas, High Intensity Financial Crimes Areas, Politically Exposed Persons, and Excluded Parties List System.

    • Individuals who are flagged as part of the CDD are not permitted to make payments through the Platform.

  3. Enhanced Due Diligence (EDD): This process is N/A. Consumers who have been flagged as part of the CDD process are not permitted to utilize the Platform.

  4. CIP and CDD processes are performed on an annual basis, based on when the consumer created their Kredit account, to ensure continuous compliance with the above stated procedures.

KNOW YOUR CUSTOMER (NETWORK MEMBERS)

  1. Customer Identification Program (CIP): Network Members seeking to utilize the Platform to receive payments from consumers with whom they have a business relationship must submit various documentation to verify the identity of their business and the identity of the business’ principal(s).

    • The CIP process for authenticating Network Members starts by collecting articles of incorporation, personally identifying information of the business’ principal(s), audited financials, and licenses or bonds to operate in the states they conduct business.

    • The information is submitted to a Kredit team member who manually reviews the documents to establish the Network Member’s authenticity and ability to legally operate.

  2. Customer Due Diligence (CDD): Kredit utilizes the OFAC Sanctions List Search offered through the U.S. Department of the Treasury (sanctionssearch.ofac.treas.gov) to screen each Network Members’ principal(s).

    • If a principal is flagged as part of the CDD, the entire organization is not permitted to utilize the Platform.

    • Additionally, the following types of businesses are prohibited from utilizing the Platform:

      1. Marijuana-related businesses (MRB) (such as manufacturers, dispensers, and those engaged in medical marijuana), including companies whose main source of revenue is derived from this type of activity.

      2. Businesses engaged in the defense sector or the manufacture or production of arms, military equipment or weapons of mass destruction. This includes, but is not limited to anti-personnel mines, chemical weapons, cluster munitions, military equipment or technology, nuclear weapons, military and dual-use equipment, internal repression equipment and security and police equipment.

      3. Anonymous or numbered accounts or businesses seeking to maintain an account in an obviously fictitious name. iv. New bearer share issuance or issued bearer shares that have not been immobilized or are not with an approved custodian.

      4. Businesses that have been exited for financial crime concerns. In addition, customers or related parties where there is a strong suspicion or direct evidence that criminal activity has taken place, where a criminal offence has been committed and charges have been brought or where there is a suspicion of terrorist financing.

      5. Shell banks or entities that have no physical existence in the country in which they are incorporated and licensed, and which are unaffiliated with a regulated financial group that is subject to effect consolidated supervision (Section 313 of the USA PATRIOT Act).

      6. Unlicensed or unregistered Money Services Businesses. This includes companies offering services involving money/currency exchange, money transfer, cheque cashing, and issuing or selling travelers cheques, money orders or stored value cards that meet the regulatory definition.

      7. Unlawful Internet Gaming Companies, their principals, and their payment processors and companies whose main source of revenue is derived from either the development of gambling software or hosting environments as defined in the Unlawful Internet Gambling Act of 2006 and Prohibition of Funding of Unlawful Internet Gambling.

      8. Adult entertainment businesses, escort services, and sexually oriented or pornographic products and services.

      9. Payday lenders, their owners and principals.

      10. Missions, embassies, and consulates.

  3. Enhanced Due Diligence (EDD): This process is N/A. Network Members are not permitted to utilize the Platform if a principal(s) has been flagged as part of the CDD process.

  4. The CIP and CDD processes are performed on an annual basis, based on when the Network Member’s account is created, to ensure continuous compliance with the above stated procedures.

MONITORING OF SUSPICIOUS ACTIVITY

Kredit monitors payment trends and transactions in real-time for suspicious activity and uncharacteristic behaviors. Examples of these behaviors include:

  • Lack of evidence of legitimate business activity, or any business operations, undertaken by the parties to the transaction(s);

  • Transactions that are not commensurate with the stated business type or that are unusual and unexpected in comparison with the volumes of similar businesses operating in the same locale;

  • Complex series of transactions indicative of layering activity involving multiple accounts, banks, parties, jurisdictions;

  • Bulk cash and monetary instrument transactions;

  • Transactions being conducted in bursts of activities within a short period, especially in previously dormant accounts;

  • Transactions or volumes of aggregate activity inconsistent with the expected purpose of the account and expected levels and types of account activity; and

  • Parties and businesses that do not meet the standards of routinely initiated due diligence and anti-money laundering oversight programs (e.g., unregistered/unlicensed companies).

SUSPICIOUS ACTIVITY REPORTING (SAR)

Within 30 (thirty) calendar days after the date of initial detection of suspicious activity that falls within the scope of the SAR standards, the CEO will file a SAR in the BSA E-Filing System (https://bsaefiling.fincen.treas.gov/main.html).

COMMUNICATION

This Policy shall be communicated to all affected employees via email and maintained in the Policies folder, sub-folder Regulatory Policies, on Google Drive for reference purposes.

CONTROL

On annual basis, the CCO shall conduct the following audit of activities that occurred during the preceding 12 (twelve) months:

  1. A random 10% sample review of the CIP processes performed on consumers and Network Members that had an active account over the review period.

  2. A random 10% sample review of the CDD processes performed on consumers and Network Members that had an active account over the review period.

  3. A review of payment activity on a random 10% sample of consumers and Network Members.

  4. A review of any suspicious activity reporting that occurred over the review period.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Regulatory

Policy Name: Anti-Money Laundering & Sanctions Screening Policy

PreviousRegulatory PoliciesNextElectronic Fund Transfer Act, Regulation E, Nacha Operating Rules, & E-Sign Act Policy & Procedure

Last updated