Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF)
Our company Digital Crypto Pay (DCP) operates a cryptocurrency exchange platform that allows customers to buy, sell, and exchange cryptocurrency. As an obliged entity, within the meaning of the Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, therefore we are obliged to apply financial security measures.
We are registered in the Register of activities in the field of virtual currencies, authorized by the relevant supervisory units acting on behalf of the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego). Our entry number is RD WW-1175.
As part of our commitment to ensuring the integrity of our platform and preventing it from being used for money laundering, terrorist financing, or other illegal activities, we have implemented a comprehensive Anti-Money Laundering (AML) and Know-Your-Customer (KYC) policy. DCP has introduced an AML Policy and the present document is a legal note for users which outlines our approach to AML/KYC compliance and the measures we have put in place to detect and prevent illicit activities.
DCP is committed to the highest standards of Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) compliance. Our policy is to prevent, detect, and report any activity related to money laundering, terrorist financing, or other illegal activities.
Money laundering is the criminal process of converting illegally obtained funds (through terrorism, corruption, drug dealing, etc.) into legal investments, hiding their true source. The government of every country fights against money laundering and terrorist financial operations to prevent the entry of criminal funds into the economy. Financial institutions, including digital currency services, are vulnerable, and DCP actively participates in preventing such criminal activities worldwide. To achieve these goals, we undertake the following actions:
Our AML and CTF activities
Conduct client due diligence, including but not limited to identity verification, and monitor all customer transactions.
Track suspicious user operations and those under irregular circumstances.
If illegal activity or money laundering is suspected, the company can request additional verification or cancel transactions at any step.
According to international law, DCP is not obligated to notify customers of suspicion in their criminal actions.
These actions align with AML FATF references and cross-border legislation.
Maintain a robust compliance program that includes regular updates to our electronic systems and ongoing staff training to improve methods of combating money laundering.
Implement a risk-based approach to AML/CFT compliance, ensuring that resources are allocated efficiently and effectively to higher-risk areas.
We are committed to complying with all AML/KYC regulations and will take appropriate measures to prevent our platform from being used for money laundering or other illegal activities. Our AML/KYC policy is designed to detect and prevent illicit activities on our platform and to ensure the integrity of our services. We will continue to monitor regulatory developments and update our policies and procedures as necessary to ensure compliance with changing requirements.
Scope of the Policy
This policy applies to all employees, officers, and directors of DCP, as well as to all products and services offered by the company.
Governance and Oversight
The board of directors is ultimately responsible for AML/CTF compliance. Senior management is tasked with implementing the policy, and the AML compliance officer oversees the day-to-day operations, ensuring adherence to regulations and internal procedures.
Governing Law
These Terms of Service shall be governed by, and construed in accordance with, the laws of Poland, without giving effect to any principles of conflicts of law.
Customer Identification Program (CIP)
DCP verifies the identity of its clients through a robust CIP, which includes obtaining and verifying information such as government-issued ID, proof of address, and, where applicable, the source of funds. Enhanced due diligence (EDD) measures are applied to high-risk customers.
Transaction Monitoring
DCP employs a combination of automated systems and manual processes to monitor transactions for suspicious activities. Transactions that meet certain criteria are flagged for further review, and any suspicious activities are reported to the relevant authorities in accordance with legal requirements.
Ongoing Monitoring:
We will monitor customer transactions and activities on an ongoing basis to identify suspicious or potentially illegal activities. This includes monitoring for unusual transaction patterns, such as multiple transactions of similar amounts, and monitoring for transactions that are inconsistent with a customer’s profile or usual behaviour. We will also monitor for transactions that involve high-risk countries, politically exposed persons, or other individuals or entities that are subject to sanctions or other regulatory measures. If we identify any suspicious activities or transactions, we will promptly report them to the relevant authorities.
Reporting and Record-Keeping
We will maintain proper records of all customer transactions and identity verification documents as required by law. These records will be securely stored and made available to regulatory authorities upon request. We will also maintain records of any suspicious activities or transactions that we report to the authorities.
Suspicious activity reports (SARs) are filed with the appropriate authorities promptly upon detection of suspicious activities. DCP maintains comprehensive records of transactions, customer identification documents, and SARs for a minimum of five years.
Risk-Based Approach
We will adopt a risk-based approach to our AML/KYC compliance measures. This means that we will assess the risk posed by each customer based on factors such as their transaction history, country of origin, etc. Customers who are deemed to be higher risk, such as those conducting large transactions or those from high-risk countries, will be subject to enhanced due diligence procedures. This may include additional identity verification measures, such as face-to-face interviews, and more frequent monitoring of their transactions and activities on our platform. If we decide that the risk associated with a particular transaction is too high, we might have to decide to not go through with the transaction.
Risk Assessment
DCP conducts a dynamic risk assessment that includes periodic reviews and updates. The assessment considers factors such as the geographic risk (e.g., countries subject to sanctions or identified as high-risk by FATF), customer risk (e.g., politically exposed persons, high-net-worth individuals), and product/service risk (e.g., high-value transactions, anonymous payment methods). DCP reserves the right to reject or return a transaction with DCP own prejudice.
Employee Training and Awareness
DCP provides comprehensive AML/CTF training to all employees upon hire and annually thereafter. Training covers topics such as recognizing suspicious activities, internal reporting procedures, and legal obligations. You can find further information in this blog post.
Internal Controls and Audits
DCP has established robust internal controls to ensure compliance with AML/CTF policies. These controls include regular audits by internal and external auditors, ongoing monitoring of compliance activities, and periodic reviews of policies and procedures.
Compliance with International Standards
DCP adheres to international AML/CTF standards, including the Financial Action Task Force (FATF) recommendations. The company regularly reviews updates to these standards and adjusts its policies and procedures accordingly.
Sanctions Screening
DCP utilizes automated screening tools to check customers and transactions against international sanctions lists. Potential matches are reviewed by compliance staff to determine if they represent true positives or false positives, and appropriate actions are taken based on the findings.
Independent Review
The independent review of DCP’s AML/CTF program includes a gap analysis against regulatory requirements and industry best practices. The review findings are presented to the board of directors, along with an action plan to address any identified deficiencies.
Data Privacy and Protection
DCP employs robust data protection measures, including encryption, multi-factor authentication, and regular security audits, to safeguard customer information. The company also has a data breach response plan in place to address any potential data breaches promptly and effectively.
Whistleblowing Policy
DCP encourages employees to report any suspicious activities or potential compliance violations through a confidential whistleblowing hotline. Reports can be made anonymously, and the company ensures that whistleblowers are protected from retaliation.
Continuous Improvement
DCP is committed to continuously improving its AML/CTF program by staying abreast of emerging risks, regulatory changes, and industry best practices. The company participates in industry forums, collaborates with other financial institutions, and engages with regulatory authorities to enhance its understanding and response to money laundering and terrorist financing threats.
Prohibited Jurisdictions
DCP does not engage in business with individuals or entities located in or associated with the following countries
- Afghanistan
- Angola
- Belarus
- Bosnia-Herzegovina
- Burundi
- Central African Republic
- Congo, the Democratic Republic
- Cuba
- Ethiopia
- Guinea
- Guinea Bissau
- Guatemala
- Iran, Islamic Republic of
- Iraq
- Korea (the Democratic People’s Republic of)
- Kosovo
- Lebanon
- Liberia
- Libya
- Mali
- Myanmar
- Nagorno-Karabakh
- Nicaragua
- Nigeria
- Northern Cyprus
- North Korea
- Russian Federation
- Sahrawi Arab Democratic Republic
- Somaliland (Same as Somalia)
- Somalia
- South Ossetia
- South Sudan
- Sudan
- Syrian Arab Republic
- Tunisia
- Turkey
- Venezuela
- Yemen
- Zimbabwe
- Western Sahara
- Ukraine regions: Luhansk, Donetsk, Crimea and other occupied regions
Unacceptable Businesses
DCP prohibits engaging in business with certain types of entities and activities due to their high risk of being associated with money laundering, terrorist financing, or other illegal activities. The following businesses and activities are deemed unacceptable for DCP’s services:
- Shell Banks
- Anonymous Shell Companies
- Businesses involved in the illegal drug trade
- Unlicensed gambling and gaming services
- Unlicensed money services businesses (MSBs)
- Dealers in arms and weapons
- Businesses involved in human trafficking or exploitation
- Prostitution and escort services
- Ponzi schemes and other pyramid sales schemes
- Businesses involved in the production or distribution of pornography
- Unregistered charities and non-profit organizations
- Businesses involved in the sale of counterfeit goods
- Unlicensed foreign exchange trading platforms
- Any business or activity that involves the exploitation of children
- Cryptocurrency mixing services or tumblers
- Businesses dealing in stolen goods
- Any other business or activity deemed illegal by regulatory authorities
Customers engaging in these businesses or activities will be subject to enhanced scrutiny and are likely to be refused service by DCP.
High-Risk Jurisdictions
DCP exercises enhanced due diligence and limits the transactions when dealing with individuals or entities from the following high-risk countries:
- Albania
- American Samoa
- Anguilla
- Antigua and Barbuda
- Aruba
- Azores (Portugal territory)
- Bahamas
- Bahrain
- Bangladesh
- Barbados
- Belize
- Bermuda
- Botswana
- British Virgin Islands
- Brunei Darussalam
- Bulgaria
- Burkina Faso
- Burundi
- Cambodia
- Cameroon
- Cayman Islands
- Central African Republic
- Chad
- Chile
- China
- Colombia
- Comoros
- Congo (Brazzaville)
- Cook Islands
- Costa Rica
- Croatia
- Curacao
- Djibouti
- Dominica
- Egypt
- Equatorial Guinea
- Eritrea
- Fiji
- French Polynesia
- Gaza Strip
- Gibraltar
- Guernsey
- Haiti
- Honduras
- Hong Kong
- India
- Isle Of Man
- Israel
- Jamaica
- Jersey
- Jordan
- Kenya
- Kyrgyzstan
- Madagascar
- Malaysia
- Maldives
- Marshall Islands
- Mauritania
- Mauritius
- Montserrat
- Morocco
- Mozambique
- Namibia
- Nauru
- Niger
- Niue
- North Macedonia
- Pakistan
- Palau
- Panama
- Philippines
- Qatar
- Saint Helena, Ascension and Tristan da Cunha
- Saint Martin (French part)
- Saint Pierre and Miquelon
- Samoa
- Senegal
- Seychelles
- Solomon Islands
- South Africa
- St Kitts & Nevis
- Tajikistan
- Tanzania
- Thailand
- Tonga
- Trinidad & Tobago
- Turkmenistan
- Turks & Caicos
- Uganda
- United Arab Emirates
- United States Virgin Islands
- Uruguay
- Uzbekistan
- Vanuatu
- Vietnam
- West Bank (Palestinian Territory, Occupied)
Multiple Accounts Policy
It is prohibited to have more than one account on our website. If it is detected that a customer has more than one account, all of the accounts will be temporarily disabled. The customer will be requested to choose which one of his accounts will be active, while the others will stay blocked permanently. If it is detected that a customer creates multiple accounts in order to overcome the limits set by DCP for a certain payment method, DCP reserves the right to request additional verification from the customer. In case the customer is unable to provide the requested information, DCP will refund the payment to the original sender while keeping the incoming and outgoing transaction fees, if those apply.
List of Required and Supported Documents
Some documents might be required during the verification process. These include but are not limited to the following:
Identity Verification:
- Government-issued International Passport
- Government-issued Identity Card
- Government-issued Driving License
- Selfie with an Identity Document
Address Verification:
- Utility bill or Bank Statement not older than 6 months
- Paper or electronic versions are allowed
- No modifications allowed to the documents
Additional Verification Documents:
We reserve the right to ask for proof of funds and/or source of wealth to provide assurance that the funds being transacted are not from proceeds of illegal activity.
Note: All required documents should be provided in good quality with readable text and without modifications or edits; otherwise, they may be rejected and new copies without modification or in better quality will be requested.