Anti-Money Laundering and Know Your Customer Policy
Last updated: 10/01/2022
The purposes of this MoonRun cryptocurrency exchange service (hereinafter we, MoonRun) Anti-Money Laundering, Counter-Terrorist Financing Policy and Know Your Customer Policy (hereinafter referred to as the AML/KYC or AML/CFT policy is to outline how Eight Bit Studio d.o.o., the controlling entity behind the moonrun.io website aims to comply with the relevant Croatian and European legislation and normative legal acts, in regards to identification, prevention and mitigation of the AML/CFT risks, which are present constantly during day-to-day operations of the company. MoonRun invests significant effort into protecting the users and the platform from being unlawfully exploited by the third parties, attempting to use the functionality of the platform for ML/TF purposes.
In conformity with international and local regulations, MoonRun has established a number of written procedures, as well as a number of technical solutions to prevent the users from conducting activities such as money laundering, terrorist financing, drug and human trafficking, proliferation of weapons of mass destruction, corruption and bribery, or any other activity, which could be deemed as illicit by any of the jurisdictions in which MoonRun operates. MoonRun has an ability to react appropriately and quickly to prevent such actions from occurring.
Money laundering can be defined as: the conversion or transfer of property, knowing that such property is derived directly from criminal activity, or obscurely, by participating in an illicit activity as an intermediary, for the purposes of concealing or disguising the illegal origin of the property, or assisting any person who is involved in the in such activities to evade the legal consequences. The main goal of a person involved in money laundering is to conceal and disguise the illicit nature of the funds by integrating the money into the banking system, or converting such funds into valuable assets, such as property, real estate, securities, etc. as if the funds were accumulated from a legal source.
Terrorist financing can be defined as: the willful provision or collection, by any means, directly or indirectly, of funds with the intention that the funds should be used, or in the knowledge that they are to be used, in order to carry out terrorist acts.
MoonRun employs a “zero-tolerance” approach towards corruption, fraud, collusion, money laundering or terrorist financing, and other criminal conduct. MoonRun would seek to implement all available legal means in order to be able to identify, prevent, and tackle any of such actions. The company reserves a right to report the suspicious activity of the main counterparties or the users of the website to relevant authorities, by submitting a Suspicious Activity Report.
All of the Croatian obliged entities (i.e. companies engaged into the provision of financial services, including virtual asset exchange and wallet services) are obliged to comply with the Anti-Money Laundering and Terrorism Financing Law, published in the Official Gazette No 108/17, 2017 (for the companies residing in the Republic of Croatia), which provides guidelines on the appropriate due diligence which should be applied to the customers of the obliged entities, and the recommendations from the Financial Action Task Force (FATF), an inter-governmental body whose purpose is the development and promotion of national and international policies to combat money laundering and terrorist financing.
Other legislation that relates to this AML-KYC Policy includes:
• Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing;
• Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market
• The Payment Systems Act Pursuant to Article 89 of the Constitution of the Republic of Croatia, published in the Official Gazette 66/2018 on July 20th, 2018;
• 5th Anti-Money Laundering Directive ((EU) 2018/843).
MoonRun adheres to the AML-KYC Policy by taking into account the concerns expressed by regulators of many countries, regarding the possibility of using cryptoassets for illegal purposes, in particular, for the legalization of proceeds from crime and achieving a partial or full anonymity in the transactions, as well as the anonymous purchase or sale of virtual assets.
Any any question or concern regarding the present AML-KYC policy should be directed to the following postal address: Eight Bit Studio d.o.o., Sesvete (Grad Zagreb), Ulica Ivana Meštrovića 35, 10360, or by email to [email protected]
Basic rules of the AML-KYC Policy include the following conditions:
• MoonRun does not accept any cash deposit, and does not provide the service of cash withdrawal;
• MoonRun does not accept third party deposits into a user’s account, or permit the management of an account on behalf of another party, etc.;
• MoonRun cannot grant any exception or somehow amend the list of the documents, required for the verification, or requested over the course of the client’s interaction with the platform, on an individual basis;
• MoonRun reserves the right to unilaterally refuse, cancel, or suspend the processing of any transaction, in case a reasonable suspicion occurs that the transaction may have an embedded ML/TF risk;
• As prescribed by the international legal practice, in case a Suspicious Activity Report is filed and submitted to the relevant authorities, the Company has a right, and, under specific circumstances, an obligation not to disclose the fact of the submission to the reported party.
Internal rules and procedures
To comply with the requirements of counteracting the legalization and laundering of illegal funds, MoonRun performs the following:
• Verification of the incoming customers, both natural persons and legal entities. An unverified user is restricted from conducting an exchange operation at the platform;
• Retaining the customer’s data for a period of at least 10 (ten) years since the execution of a transaction or termination of a business relationship (Pursuant to the Guidelines for the implementation of the Anti-Money Laundering and Terrorist Financing Law with respect to credit institutions, credit unions and electronic money institutions published by the Central Bank of Croatia);
• Establishing the risk scoring, as well as the metrics, tools and solutions to identify, monitor, and suspend any suspicious transaction prior or during the commencement of such;
• Any obligations of the platform should be waived to the user, in case MoonRun has managed to identify that the customer has conducted an action, violating any provision of AML/CFT policy of the company
• Pass or disclose the relevant information regarding certain transactions of a given user to the relevant authorities.
In order to comply with the requirements of Money Laundering and Terrorist Financing Prevention Act of the Republic of Croatia and to meet the necessary legal standards, MoonRun requires all clients, to pass the verification procedure in order for the company to be able to identify who the customer is. MoonRun’s user verification procedures is conducted via a secure third – party verification instrument, which corresponds to all of the relevant privacy law legislation including the GDPR. The verification is also a vital part of the registration at a financial institution, as it allows to prevent the cases of identity theft, ensures that the client who is being registered is genuine, and promotes a simplified procedure of the account recovery in case of an account access loss.
In general terms, MoonRun’s verification procedures are applied to any category of a client, signing up to use the services of the company. MoonRun reserves a right to request additional documents from clients on an individual basis, depending on the risk profile assigned.
Under the terms of the Money Laundering and Anti-Money Laundering and Terrorism Financing Law, MoonRun is required to identify and verify any person and any beneficial owners who enters into a business relationship with MoonRun, including the entities. The nature of business of MoonRun also does not imply “occasional” transactions – any entity which intends to use the services of the company are required to undergo a KYC/KYB procedure.
In certain situations (e.g. due to the regulatory or legal requirements, or due to high risks) MoonRun may require enhanced identity verification for any user. This may include requirements to verify details or sources of funds regarding transactions, which users have made or received during purchases made on MoonRun as well as bitcoin transactions that a user has sent or received to its MoonRun account.
The MoonRun identification procedure requires the user to provide MoonRun with reliable, independent source documents, data or information (for example, a national ID card, an international passport), as well as a document, which could confirm the current residential address of a person (such as, for example, a bank statement or a utility bill).
For the purposes AML-KYC Policy compliance, MoonRun reserves the right to collect the user's identification information, which includes:
• Full name;
• Date and place of birth;
• Country of residence (thereby identifying risks associated with countries, geographic areas or jurisdictions);
• Residential address
• Passport or any government issued ID details;
• Contact email address and/or phone number.
For companies (legal entities):
• Legal name of the company and DBA name;
• Registration number;
• Date and country of incorporation;
• The same personal data of the director and beneficiary as for individuals;
• Contact email address and/or phone number.
Within this AML-KYC Policy, for the purposes of identity verification, users also agree to provide verification documents that confirm identity, address and financial status (optional), including:
For individuals, the following types of documents are accepted:
• Identity document: colour copy of the passport (specifically, the page containing the personal details of the client), or a colour copy of the document that is able to confirm the identity of the user according to the legislation of the country of which the user is a resident – as a Proof of Identity
• A utility bill dated not older than 3 months – as a Proof of Address
• A bank statement dated not older than 3 months – as a Proof of Address
• Any governmentally issued document (e.g. a tax statement), clearly indicating the residential address of a person – As a Proof of Address
For companies (legal entities):
• Copy of the certificate of incorporation (if present);
• Copy of the memorandum and articles of association or equivalent document, duly registered in the appropriate register;
• Copy of extract from protocol of general meeting of participants/shareholders, Certificate of directors and secretary, minutes of first meeting of directors, register of directors or another document, confirming the appointment of the directors, or equivalent document confirming registration of the corporate acts and amendments, and powers of the company head;
• Certificate of shareholders or register of members;
• Certificate of good standing;
• Passport copy of the head of the company (additionally, passport copies may be requested of all individuals who, directly or indirectly, as well as through third parties, own more than 25 percent in the share capital of the company);
• Document confirming the legal entity location or the actual business address, where it operates (copy of utility bill not older than 3 months or copy of the office rental agreement);
• Reference letter from the bank confirming the opening of a current account, or a copy of the contract with the bank about the account opening.
The user understands that the name, country of residence, phone number and any other personal information, including documents (such as passport, national identity card, driving license, residence permit, bank account statement, utility bills and all other required documents) must be true and valid on the upload date.
MoonRun will take steps to confirm the authenticity of documents and information provided by users. Only legal methods for double-checking identification information will be used, and MoonRun reserves the right to investigate the cases of certain users whose identities have been identified as suspicious or carrying risk.
MoonRun reserves the right to verify conduct an identity check on an outgoing basis, especially when the identification document is close to the expiration date or activities appear suspicious (not corresponding to the usual transaction pattern for the user). In addition, MoonRun reserves the right to request up-to-date documents from the user, or any additional documents and additional information needed for identification or verification purposes, even though they have passed identity verification in the past.
If the user refuses to provide the requested documents and information in response to a request from MoonRun without proper justification, MoonRun will either not start a contractual relation with the user, or may even terminate the business relationship with an existing user, as well as reserves a right to report such an occasion to the regulator, in case it is deemed reasonable by the MLRO of the company.
Аfter the identity verification procedure has been completed, MoonRun has the right to refuse to provide services to users if MoonRun learns or suspects that its services are used for the purposes of conducting illegal activities.
MoonRun has a regulatory requirement to verify the source of fiat funds or cryptocurrency to confirm that the source of funds used to trade are legitimate. Over the course of such process, a customer is requested to provide documentation, explicitly showing the origin of the funds.
According to existing practices, users are known not only by verifying their identity (who they are) but, more importantly, by analysing their transactional patterns (how the payments are made). Therefore, MoonRun relies on data analysis as a risk assessment as well as on the manual checks and the automated transaction monitoring solutions. MoonRun performs a variety of compliance-related tasks, including capturing data, filtering, record-keeping, investigation management, and reporting.
MoonRun’s system functionalities include:
• Check of users’ presence on recognised “black and negative watch lists” (e.g. Sanctions lists with EU, UN, OFAC, HM Treasury, Interpol database, lost and stolen documents list), aggregating transfers by multiple data points, placing users on watch and service denial lists, opening cases for investigation where needed, sending internal communications and filling out statutory reports, if applicable;
• Transaction monitoring tools;
• Case, document and record management.
in connection with this AML-KYC Policy, MoonRun will monitor all transactions of its users and reserves the right to perform the following actions:
• Ensure that transactions of a suspicious nature are reported to the authorised regulator or relevant law enforcement by the Compliance officer;
• At any time request that the user provide any additional information and documents in case of suspicious transactions or activity;
• Suspend or terminate a user's account when MoonRun has a reasonable suspicion that such user is engaged in illegal activity.
The above list of options and actions is not exhaustive and the Compliance officer will monitor users’ transactions on a regular basis in order to define whether to apply any measures to such transactions, report them, or treat them as suspicious or as legitimate.
The Compliance officer is the person, duly authorised by MoonRun, whose duty is to ensure the effective implementation and enforcement of the AML-KYC Policy. It is the Compliance officer’s responsibility to supervise all aspects of MoonRun’s anti-money laundering and counter-terrorist financing procedures, in particular:
• Collecting and verifying users’ identification information;
• Establishing and updating internal policies and procedures for the completion, review, submission and retention of all reports and records required under the applicable laws and regulations;
• Monitoring transactions and investigating any significant deviations from normal activity;
• Implementing a records management system for appropriate storage and retrieval of documents, files, forms and logs, updating risk assessment regularly;
• Providing law enforcement or local regulators with information as required under the applicable laws and regulations, interacting with law enforcement agencies involved in the prevention of money laundering, terrorist financing and other illegal activities.
In accordance with the law requirements and security reasons MoonRun might provide limited services on opening of accounts and carrying transaction processing for citizens and residents of, as well as people staying in the countries where transactions are prohibited by international sanctions or their internal law regulations.
MoonRun is also obliged to comply with the requirements of anti-money laundering and counter-terrorist financing, in this connection MoonRun apply increased requirements (for example, performance of EDD procedure at the start of the business relationship, which implies, included, but not limited to, the request for the Source of Funds of the client) to residents of countries with weak anti-money laundering and terrorist financing regimes and/or designated by the relevant authorities as high risk monitored jurisdictions. MoonRun also has an internal risk score calculation system in place, which accounts for the geographical risks associated with countries, having week ML/TF legislation. These geographic restrictions are applied according to lists defined by the relevant authorities and might be subject to updates from time to time.
MoonRun, in line with the local and international requirements, has adopted a risk-based approach to combating money laundering and terrorist financing. By adopting a risk-based approach, MoonRun is able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate to the identified and potential risks.
Additionally, as mentioned previously, MoonRun has an internal risk management system that identifies activities and profiles deemed as high risk from a security and/or legal standpoint. When a MoonRun account is flagged by our risk management system, additional verification items might be required in order to activate or release the suspension of such a MoonRun account. In exceptional cases, MoonRun might refuse to provide service to users that impose excessive risk to MoonRun.