BILLIUM PAYMENT SERVICES PROVIDER
Anti-Money Laundering and Terrorism Financing Policy
Table of Contents
- Board Statement
- Document purpose
- Document hierarchy
- Type: High level policy documents
- Type: Process documents
- Type: Supporting documents
- Type: Procedure documents
- Relevant regulators
- Applicable financial crime laws and regulation
- Penalties for Non-Compliance
- BILLIUM PAYMENT SERVICES PROVIDER Model
- Clients and customers
- Compliance Model
- Risk Based Approach
- Roles and Responsibilities
- Compliance function
- Risk Committee
- Money Laundering Reporting Officer (MLRO)
- External Audit
- Risk Assessment
- High Risk Businesses
- Unacceptable Businesses
- Our Delivery Channels
- Geographic Location
- Risk Register
- Approach to Financial Crime Risk
- Customer Due Diligence
- Risk Assessment
- Client Types
- Real Time Monitoring
- Transaction Monitoring
- Velocity Controls
- Sanction Screening
- Suspicious Activity Reporting
- SAR Reporting
- Internal Reporting
- External Reporting
- Fraud Prevention
- Records Keeping
- Dealing with Third Parties
- Third Party Information Requests
- Appendix 1 – Internal Suspicious Activity Report Template
As an Authorized Electronic Money Institution, BILLIUM PAYMENT SERVICES PROVIDER must have systems and controls in place to ensure compliance with all applicable anti-money laundering (AML) and counter-terrorist and proliferation financing (CTF) laws and regulations (together referred to as AML).
As well as complying with rules-based regulation, BILLIUM PAYMENT SERVICES PROVIDER has implemented an appropriate risk-based framework to prevent it being used for the purposes of various financial crimes, and to prevent it or its customers and clients from becoming victims or instruments of financial crime.
The Board of BILLIUM PAYMENT SERVICES PROVIDER acknowledges that the implementation, adherence and maintenance of this AML and CTF policy (hereinafter – AML Policy) is key to achieving the above outcomes. This AML Policy applies in tandem with other policies as described elsewhere in this document.
The objectives of BILLIUM PAYMENT SERVICES PROVIDER AML Policy and the related procedures and other documents are to:
- Ensure compliance with relevant regulations
- Prevent BILLIUM PAYMENT SERVICES PROVIDER being used for the purposes of financial crime, money laundering or terrorist or proliferation financing
- Prevent it or its customers and clients from becoming victims of financial crime
- Prevent BILLIUM PAYMENT SERVICES PROVIDER from carrying out business outside of its risk appetite
- Understand, implement and enforce national and international sanctions
This AML Policy outlines the relevant regulations which apply to BILLIUM PAYMENT SERVICES PROVIDER, the responsibilities within BILLIUM PAYMENT SERVICES PROVIDER for risk management and compliance, an overview of the AML and CTF risk factors within the business, information on how BILLIUM PAYMENT SERVICES PROVIDER manages these risks, plus the risk, compliance, AML and CTF related training. The AML Policy is a statement of principle that BILLIUM PAYMENT SERVICES PROVIDER will not be party, directly or indirectly, knowingly or unknowingly, to any money laundering, terrorism or proliferation financing or related activity, and ensures that the company is not exposed to regulatory fines, cease and desist orders, personal or corporate, civil or criminal liabilities or withdrawal of license to operate.
BILLIUM PAYMENT SERVICES PROVIDER has a range of risk and compliance documentation, with each document and type of document fulfilling a specific role.
Type: High level policy documents
Example: Anti-Money Laundering and Terrorism Financing Policy
Description: AML Policy documents give a high-level overview of BILLIUM PAYMENT SERVICES PROVIDER risk and compliance framework and may include key processes but do not go into detailed processes and procedures or include specific or confidential information. AML Policy documents can be shared with third parties (e.g., authorities) in accordance with regulatory frameworks.
Type: Process documents
Example: Customer Due Diligence
Description: Process documents provide guidance to BILLIUM PAYMENT SERVICES PROVIDER staff on how to carry out specific functions and activities for compliance with AML Policy and regulations. These documents may include sensitive and confidential details (such as screening rules or specifics of fraud controls) and are not suitable for general distribution to third parties.
Type: Supporting documents
Example: Data request templates, Customer IDs, client’s corporate documents
Description: Supporting documents include specific templates and work products from compliance processes. Any completed documents or templates (e.g. containing customer or client data) shall be confidential. Blank templates for completion by customers or clients are, by definition, suitable for sharing externally. Supporting documents also include any training or guidance material.
Type: Procedure documents
Example: Transaction Monitoring Rule Set
Description: Procedure documents contain step by step guidance to the employees on how to perform processes defined by the Board and senior management.
Use of and adherence to this AML Policy and related guidance is mandatory for all employees of BILLIUM PAYMENT SERVICES PROVIDER. BILLIUM PAYMENT SERVICES PROVIDER may decide to share this policy with selected partners in accordance with the Board’s or senior management’s instructions, and in some instances partners may also be contractually committed to adhering to this AML Policy.
In jurisdictions where local laws and regulations are stricter than this AML Policy, the local law prevails.
Within the regulatory environment, several laws and regulations apply to BILLIUM PAYMENT SERVICES PROVIDER business and operations.
The following regulators are relevant to BILLIUM PAYMENT SERVICES PROVIDER:
Anti-Money Laundering and Terrorist Financing Department (AMLD)
In August 2020, the UAE Central Bank (CBUAE) established a special department to address all issues related to combating money laundering and terrorist financing (AML/CFT). The Department for Supervision of Money Laundering and Terrorist Financing (AMLD) pursues three key objectives:
- verification of Licensed Financial Institutions (LFI);
- ensuring compliance with the UAE AML/CFT regulatory framework; as well as
- identifying threats, vulnerabilities and emerging risks to the UAE financial sector.
The Securities and Commodities Authority (SCA)
The SCA is a federal government agency. Its main purpose is the supervision and monitoring of financial markets in the UAE, including the Dubai Financial Market and the Abu Dhabi Securities Exchange.
However, it is not responsible for regulating financial activities in free economic zones such as the Dubai International Financial Center, which are regulated by independent laws and courts such as DIFC.
Dubai Financial Services Authority (DFSA)
The Dubai Financial Services Authority is the financial regulatory authority of the Special Economic Zone, the Dubai International Financial Center (DIFC), in Dubai, United Arab Emirates. It differs from the UAE Federal Securities and Exchange Administration, whose jurisdiction extends to the wider territory of the UAE outside of DIFC. It operates only within the special economic zone and is responsible for ensuring a regulatory environment that meets international standards. In addition to regulating financial and support services, the DFSA is responsible for overseeing and enforcing the anti-money laundering (AML) and counter-terrorist financing (CTF) requirements applicable in the DIFC.
Directorate for Combating Money Laundering and Terrorist Financing
The company BILLIUM PAYMENT SERVICES PROVIDER is under the supervision of the UAE Anti-Money Laundering and Terrorist Financing Authority as an authorized institution for working with electronic money in accordance with the Regulations on Electronic Money 2011. E INTERNATIONAL FZ-LLC must periodically inform the about activities related to electronic money, as well as register its managers, beneficial owners and business controllers and ensure their compliance with the standards of "professional suitability and integrity".
UAE Ministry of Finance
The UAE Ministry of Finance is the competent authority for the purposes of managing financial sanctions in force in the UAE. This means that it manages the UAE regimes for freezing funds and economic resources that belong to, or are owned or controlled by, persons whose assets are subject to seizure, and also manages restrictions on the transfer of funds and the provision of certain financial services.
National Committee for Combating Money Laundering and the Financing of Terrorism and Illegal Organizations
The powers of this Committee include: preparation and development of a national strategy to combat crime; assessment of crime risks at the national level; coordination with relevant authorities and access to relevant international sources of information in order to identify high-risk countries in relation to money laundering and terrorist financing; instructing supervisory authorities to ensure compliance with the necessary due diligence procedures by the financial institutions, certain non-financial enterprises and professions, and non-profit organizations that are under their supervision; collecting and analyzing statistical data and other information provided by the Competent Authorities to assess the effectiveness of their Regulations on combating money laundering, terrorist financing and financing of illegal organizations; and any other issues referred to the Committee by the competent authorities of the UAE.
Financial Intelligence Unit (FIU)
This unit is engaged in the study, analysis and storage of suspicious transaction reports (STR). It also requests from financial institutions and competent authorities any information that it may deem necessary to perform its duties to track criminal activity or specific transactions and determine the links between these goals, activities or transactions and potential proceeds of crime.
Moreover, FIU cooperates and coordinates with the Supervisory Authorities by disseminating the results of its own analysis, especially with regard to the quality of STR. FIU is obliged to share this information with the relevant law enforcement agencies when transferring the case for further investigation.
FIU exchanges information with its colleagues from the FIU in other countries about the PDF or any other information, tracking events related to crimes related to money laundering and terrorist financing.
Financial Action Task Force (FATF) is an intergovernmental body responsible for developing and implementing policies to combat money laundering, terrorist financing and other types of financial crimes in terms of developing standards and promoting the effective application of measures to combat money laundering, terrorist financing and the proliferation of weapons of mass destruction.
FATF standards include recommendations, as well as explanatory notes to them and definitions. The measures provided for by these standards are mandatory for all members of the organization. The extent to which the relevant measures have been implemented in practice is checked through a system of mutual assessments.
BILLIUM PAYMENT SERVICES PROVIDER must constantly identify, evaluate, document and update crime risks in its fields of activity, exercise due diligence and determine their extent based on the analysis of numerous risk aspects. BILLIUM PAYMENT SERVICES PROVIDER undertakes to keep records of all documents, both local and international, which must be provided to the competent authorities at their request without delay, as determined in accordance with the law.
Applicable financial crime laws and regulation
The following laws and regulations are applicable to BILLIUM PAYMENT SERVICES PROVIDER and applied by this AML Policy:
Federal Decree-law No. (20) of 2018 ON ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM AND FINANCING OF ILLEGAL ORGANISATIONS
Federal Decree-law No. (20) of 2018 stipulates that the Cabinet of Ministers issues the executive regulations of the new decree. Any provision that contradicts the provisions of the new Decree is subject to repeal, including Federal Law No. (4) of 2002 on combating money laundering and the financing of terrorism.
Cabinet Decision No. (10) of 2019 CONCERNING THE IMPLEMENTING REGULATION OF DECREE LAW NO. (20) OF 2018 ON ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM AND ILLEGAL ORGANISATIONS.
This Resolution brings into force Federal Decree-Law No. (20) of 2018, which is the fundamental regulatory document for combating money laundering and terrorist financing, and is also the legal framework that establishes definitions, functions, competencies, rules of interaction between authorities, as well as preventive measures and penalties for certain other offenses/crimes.
International Financial Sanctions
Various international sanction regimes also apply to BILLIUM PAYMENT SERVICES PROVIDER, the most prominent being sanction regimes of OFAC, HMT, the United Nations Security Council and the EU.
There are various other relevant guidelines which BILLIUM PAYMENT SERVICES PROVIDER has considered in this AML Policy, including:
- Financial Action Task Force (FATF) Guidance Notes
- Core Principles for Financial Supervision: Basel Committee on Banking Supervision (BCBS) Principles 1-3, 5-9, 11-15, 26, and 29;
- International Association of Insurance Supervisors (IAIS) Principles 1, 3-11, 18, 21-23, and 25;
- International Organization of Securities Commission (IOSCO) Principles 24, 28, 29 and 31; and Responsibilities A, B, C and D.
BILLIUM PAYMENT SERVICES PROVIDER policies and procedures will be reviewed and updated as required, at least annually, based on changes in the following, but not limited to:
- The risk assessment or appetite of the business,
- The organizational size and structure, including specific personnel / Board changes,
- Changes to applicable laws, regulations and guidance,
- Changes in services offered to customers and clients and other business-related matters
Penalties for Non-Compliance
There are a variety of criminal and civil penalties for non-compliance with AML legislation and regulation. Corporate penalties include fines, imposition of internal monitors and/or loss of license to operate. Individuals may be subject to fines, restrictions on professional employment and/or imprisonment.
Reputational damage that may occur from incidents of non-compliance can be substantial and irreparable. Our goal and task are to minimize and eliminate these risks to the extent possible in order to ensure that BILLIUM PAYMENT SERVICES PROVIDER operates in accordance with best practice and applicable regulations.
BILLIUM PAYMENT SERVICES PROVIDER Model
Strategically, as BILLIUM PAYMENT SERVICES PROVIDER grows, the market focus will expand to Europe and other economically stable and successful markets. BILLIUM PAYMENT SERVICES PROVIDER initial target markets are SMEs, certain segments of large businesses and classic retail businesses with high payment volumes, and also individuals based in Europe and other economically stable and successful regions.
BILLIUM PAYMENT SERVICES PROVIDER provides the following services:
The aforementioned services, including e-money accounts, payment services and other related services, are provided by BILLIUM PAYMENT SERVICES PROVIDER to businesses and individuals (i.e. clients and customers). These e-money accounts and services are delivered through BILLIUM PAYMENT SERVICES PROVIDER proprietary technology platform, enabling clients and customers to access and administer their account and instruct payments through an online interface as well as through direct API integration.
Clients and customers
BILLIUM PAYMENT SERVICES PROVIDER has the following types of clients and customers:
- Small to medium enterprises (SMEs),
- Certain segments of large businesses / enterprises and classic retail businesses with high payment volumes,
- Individuals (customers) based in Europe and other economically stable and successful markets
Businesses are introduced to BILLIUM PAYMENT SERVICES PROVIDER and based on the businesses’ nature, turnover, activity, structure and connectivity to BILLIUM PAYMENT SERVICES PROVIDER platform, it is determined whether the business client will be categorized as SME or a Large enterprise. The client type (nature of business) determines their risk rating and therefore their level of required due diligence.
SMEs are common in many sectors of the UAE economy, but one of the latest statistical studies for 2019 shows that more than a quarter of all SMEs work in the real estate, rental and business sector, and the second most popular area is construction. Small and medium-sized enterprises are also widespread in the following industries:
- Construction services
- Transport, warehousing and communications
- Health and education services and products
- Art and mass media
- Other activities in the field of public, social and personal services
- Wholesale and retail trade and repair
- Hotels and restaurants
Large enterprises are those that, by many factors, including revenue, net profit, total assets and market value of each company, are of fundamental importance for the economy of the UAE. Such major holdings as Emaar Properties, Emirates Group, Etisalat, as well as banking giants Abu Dhabi First Bank, Abu Dhabi Commercial Bank are known all over the world and make a huge contribution to the UAE economy, both in terms of income and in terms of job creation.
Considering the above and the business strategy of BILLIUM PAYMENT SERVICES PROVIDER to offer its e-money services to large enterprises, the relevant clients are subject to EDD.
Besides business clients, BILLIUM PAYMENT SERVICES PROVIDER is targeting regular individual clients. BILLIUM PAYMENT SERVICES PROVIDER does not provide its services to residents of other third countries and thus the relevant money laundering and terrorism and proliferation financing risk is significantly lower.
BILLIUM PAYMENT SERVICES PROVIDER faces the risk that someone may use the company’s systems to launder money or finance terrorism or proliferation. In order to control these risks, BILLIUM PAYMENT SERVICES PROVIDER has implemented a robust AML Policy and procedures aimed at preventing money laundering and terrorism and proliferation financing attempts by meeting compliance requirements set by Money Laundering regulations.
It is essential to BILLIUM PAYMENT SERVICES PROVIDER business success that it has a successful approach to risk and compliance including the prevention of money laundering and terrorism and proliferation financing. Failing to do so could result in damage to BILLIUM PAYMENT SERVICES PROVIDER reputation and that of our banking partners, financial loss, fines, loss of regulatory permissions and prosecution for individuals.
BILLIUM PAYMENT SERVICES PROVIDER performs complete Know Your Customer processes on its own clients (SMEs and large enterprises) and on customers prior to entering into business relationships and offering services, inter alia by completing the necessary data forms and assessments to ensure that BILLIUM PAYMENT SERVICES PROVIDER is not placed under any undue additional regulatory or reputational risk.
BILLIUM PAYMENT SERVICES PROVIDER:
- Contractually obliges business clients to carry out specific diligence enquiries.
- Conducts diligence on clients’ documentation, seeking additional assurance according to the outcome of an initial risk assessment
- Carries out regulatory, legal, reputational and operational risk assessments on all prospects
- Routinely meets or interacts with clients and prospects to gain assurance with regards to the compliance culture in place
- Verifies annual audits on each client
- Conducts transactional due diligence and regular transaction monitoring, requests further KYC and performs EDD when required
- Carries out sample spot checks on the clients’ KYC
- Carries out a CDD refresh and update process
Risk Based Approach
Under AML legislation BILLIUM PAYMENT SERVICES PROVIDER is required to apply a risk-based approach (RBA) to the design and operation of its internal controls. The business assesses the risks to which specific relationships, behaviors and actions expose the company and/or its employees, and designs and implements controls to mitigate them.
Factors considered within the RBA include UAE and EU jurisdictions, licensing requirements, products/services, delivery channel and client business activity. Using an RBA does not exclude the adoption of prescriptive rules where required. Application of the governance structure, risk assessment, completion of KYC and use of transaction monitoring (TM) are some key processes we use to implement the RBA.
Using the RBA ensures that the controls are proportional, effective and directed towards the activities and relationships that present the greatest risks.
Roles and Responsibilities
In application of the Risk Based Approach, the role and objectives of the BILLIUM PAYMENT SERVICES PROVIDER Compliance Function sit within the framework of the “four lines of defense model” (4 LoD). The 4 LoD apportions responsibilities within BILLIUM PAYMENT SERVICES PROVIDER compliance framework to certain contributors. Responsibility for compliance sits, in some ways, with all employees.
The compliance function is responsible for the delivery, maintenance and improvement of the compliance and risk control framework and is focused on mitigating financial crime risks by conducting the following activities:
- On-boarding due diligence
- Transactional due diligence,
- Suspicious activity identification,
- Monitoring & reporting and training.
- Evaluating money laundering, financial crime and compliance risk.
- Ensuring clients are within legal parameters and are not undertaking money laundering or criminal activities.
- Dealing with and escalating actual and suspected money laundering, sanctions breaches and fraud cases with clients and customers and relevant authorities such as the National Committee for Combating Money Laundering and the Financing of Terrorism and Illegal Organizations, the Police and regulators.
- Federal Decree-law No. (20) of 2018 ON ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM AND FINANCING OF ILLEGAL ORGANISATIONS.
- Conducting compliance monitoring reviews and audits and promoting and advising on compliance best practice within critical business areas.
The Board of Directors of BILLIUM PAYMENT SERVICES PROVIDER is committed to ensuring the business operates in a compliant manner and maintains a comprehensive and robust risk-based regime to prevent BILLIUM PAYMENT SERVICES PROVIDER from being used for the purposes of financial crime or terrorism and proliferation financing.
The Board is responsible for appointing a Money Laundering Reporting Officer (MLRO).
The Board delegates the supervision of financial crime risks and monitoring compliance with legal obligations to the Risk Committee and day-to-day responsibility to the MLRO. The 9th Article of Federal Decree-law No. (20) of 2018 extends this responsibility to Financial Institutions and DNFBPs, which are required to take reasonable measures to verify and identify the beneficial owner of legal persons and legal agreements by using information, data and statistics acquired from a reliable source. This definition will therefore not be restricted to members of the Board of Directors.
Please refer to the Risk Management Policy for full details on the Risk Committee and risk management approach.
The Risk Committee covers money laundering and financial crime risk under this approach.
Money Laundering Reporting Officer (MLRO)
The MLRO is Ms. Galina Rakomina. When the MLRO is unavailable, the Risk and Compliance Manager will deputise.
The MLRO is responsible for the formulation, implementation and supervision of a robust AML framework. The MLRO has the following specific responsibilities:
- Developing AML and customer due diligence policies that support BILLIUM PAYMENT SERVICES PROVIDER regulatory obligations.
- Developing standards for customer KYB/KYC during on boarding as well as ongoing screening and transaction monitoring.
- Putting in place AML and KYB/KYC procedures to implement this AML Policy.
- Reviewing policies, procedures and standards with the Risk Committee to obtain peer review and input.
- Ensuring the employees are sufficiently trained so as to be aware of compliance policies and procedures and their responsibility to abide by them.
- Specifically ensuring employees have clear guidance on spotting suspicious activity and understand their responsibility to report it to the MLRO and avoid tipping off.
- Receiving internal reports on suspicious transactions and customers, considering these and making external reports (as appropriate) to the National Crime Agency (NCA).
- Approving high-risk clients and transactions in line with AML Policy. The MLRO refers any unusual cases to the Risk Committee at his discretion.
- Reporting to the Risk Committee and Board annually on the operation and effectiveness of controls in place across the business and providing recommendations for improvements.
- Updating policies and procedures in line with recommendations from regulators, banking partners and industry best practice, and communicating the relevant changes to employees.
- Acting as a focal point for liaison with regulators, law enforcement and other third parties.
BILLIUM PAYMENT SERVICES PROVIDER is subject to independent assurance regarding the design and operational effectiveness of the control framework and compliance issues through an annual external audit (or, when necessary, more frequent audits). BILLIUM PAYMENT SERVICES PROVIDER regulators can audit/visit/engage the company at their will, providing another opportunity for scrutiny and potential improvement of the control framework, albeit on a less frequent and more ad hoc basis.
A clear, accurate, and consistent audit trail is another key component of a strong AML program. In this context, BILLIUM PAYMENT SERVICES PROVIDER aims to maintain a high reputation and responsibility towards the authorities and regulators in accordance with applicable laws and regulations, so BILLIUM PAYMENT SERVICES PROVIDER chooses to engage experienced, knowledgeable and professional auditors.
BILLIUM PAYMENT SERVICES PROVIDER applies a Risk Based Approach across the business; this requires identification, assessment, understanding and mitigation of AML/CTF risk, including considering risk factors such as customer, product, geography and channel. There is a requirement to evidence this approach as instructed by the issued AML directives and the evidence is readily available upon request.
This section outlines the assessment BILLIUM PAYMENT SERVICES PROVIDER has made of the likelihood the business could be used for financial crime and the steps we take to mitigate risks. The assessment of the risk posed by a client or customer takes into consideration the following risk categories:
- Type of client and the nature of the business
- The services we offer
- The delivery channels
- The geographic location of the client / customer and their beneficiary
The nature of our clients’ and customers’ businesses
Clients and customers of BILLIUM PAYMENT SERVICES PROVIDER range from long-established corporations who have gone through a face-to-face direct sales process (which are low risk) to newly established businesses who have applied online for the service (which are higher risk). They also have various forms of corporate structure, including limited companies, partnerships and sole traders amongst others.
Various clients offer innovative services, including FinTech and IT services. FinTech is attractive to offenders for money laundering because the increased rate at which transactions are initiated in these systems, unlimited money flow and transactions through anonymous accounts facilitate money laundering for criminals. With the increase in digital money circulation, criminals continue their money laundering activities in this direction. In addition, electronic money laundering (transaction laundering) has started to replace traditional money laundering. This shows that FinTech is a potential target for money laundering criminal organizations. As a result, FinTech may be exposed to serious AML risks, which is taken into account by BILLIUM PAYMENT SERVICES PROVIDER.
High Risk Businesses
The following is a list of business activities that we consider to be high risk. The list is not exhaustive; it is reviewed by the Risk Committee on a quarterly basis and the Board is updated.
- Financial Services businesses
- Financial Technology businesses
- Subsidiary businesses where we need to follow a chain to reach beneficial owners.
- Unregistered charities
- Defense and aerospace
- Clients linked with Politically Exposed Persons (PEPs)
- Clients linked to adverse press
Applications from such businesses are referred to the manual process for deeper review and a decision from the MLRO as to whether they are acceptable or not on a case-by-case basis.
Regarding Financial Services and Financial Technology businesses in particular, the following are examples of sub-sectors which would be of an acceptable risk level (though each business would still be subject to individual review):
- Pay day lending businesses
- Invoice finance businesses
- Crowd funding businesses
The following are examples of sub-sectors which would be unacceptably high risk:
- Cash based businesses
- International remittance businesses
- Bureau de change businesses
Regarding Trusts in particular, these are assumed to be unacceptably high risk (including where a Trust is included in the beneficial ownership structure of a client) unless a clear rationale for the existence of the trust can be obtained, along with acceptable documentation providing complete clarity of the individuals involved in the trust. Such cases are subject to review and acceptance by the MLRO as with all high-risk businesses, as well as being subject to review and acceptance from relevant banking partners where required.
The following is a non-exhaustive list of business activities that we consider to be unacceptably high risk. BILLIUM PAYMENT SERVICES PROVIDER does not offer services to clients in these categories:
- Online gambling
- Adult entertainment
- Unregulated entities conducting activities that require regulations
- Bitcoin/crypto currency businesses
Our Delivery Channels
BILLIUM PAYMENT SERVICES PROVIDER’s services are mainly applied for and delivered electronically to the client / customer, predominantly without face-to-face interaction. This gives rise to greater risk due to the need to remotely verify the business and individual we are dealing with and assess the authenticity of the person instructing us. The online nature of this increases the risk of identity fraud. Where we have gone through a face-to-face sales process, this risk is reduced. This is carried out with our larger or high-risk clients.
We are focused on attracting and servicing customers and clients all over the world for the foreseeable future, which reduces the risk. BILLIUM PAYMENT SERVICES PROVIDER has no association with, and does not process transactions to, the following sanctioned countries:
- North Korea
- Myanmar (previously Burma)
- Ivory Coast (Cote D’Ivoire)
No transactions are processed to the countries on BILLIUM PAYMENT SERVICES PROVIDER list of High-Risk countries below; however, clients and customers of BILLIUM PAYMENT SERVICES PROVIDER might have an association with these countries:
BILLIUM PAYMENT SERVICES PROVIDER may have association with the above countries through residence of UBOs of clients. If BILLIUM PAYMENT SERVICES PROVIDER identifies UBOs or directors associated with the list of sanctioned countries, the on-boarding of the prospective customer will cease. If BILLIUM PAYMENT SERVICES PROVIDER identifies UBOs or directors associated with the list of high-risk countries, EDD will be carried out to ensure BILLIUM PAYMENT SERVICES PROVIDER mitigates the associated risks of that country.
Risk assessment is one of the main activities of the UAE Supervisory Authorities. This requires BILLIUM PAYMENT SERVICES PROVIDER to:
- Perform a risk assessment on countries outside of the UAE before conducting business.
- Take into account the UAE’s National Risk Assessment and apply its own AML risk assessments to ensure effective management and identification of money laundering and terrorism and proliferation financing.
As per the Risk Management Policy, the Risk Committee produces and maintains a Risk Register which will reflect financial crime risk as well as broader business risks.
Approach to Financial Crime Risk
Customer Due Diligence
The on-boarding process flow for BILLIUM PAYMENT SERVICES PROVIDER client and customer types is shown below.
On-boarding process flow (diagram not reproduced). Due diligence levels shown in the flow: Standard Due Diligence (SDD) or Enhanced Due Diligence (EDD); Enhanced Due Diligence (EDD); Simplified Due Diligence (SIMPDD), Standard Due Diligence (SDD) or Enhanced Due Diligence (EDD). Label repeated in the diagram: in cases of higher AML risks identified within the SDD.
BILLIUM PAYMENT SERVICES PROVIDER categorizes a client’s risk based on the client’s nature and volume of business, residence country and corporate structure. This is due to the current number of clients, the geographic location and the industry sectors BILLIUM PAYMENT SERVICES PROVIDER maintains. Other risk factors are assessed throughout the on-boarding processes.
Generally, SDD is applicable to SMEs. In case of any red flags or higher AML risks identified within the SDD (incl., but not limited to, connection with high-risk countries or relation with PEPs), SMEs will be subject to EDD procedures.
- SMEs will complete a BILLIUM PAYMENT SERVICES PROVIDER application form
- Will be risk assessed and then subject to either SDD or EDD
Due to the volume of business (incl. turnover), large enterprises are subject to:
- Signing of T&Cs, terms of business and an application form
- Other activities according to AML procedures
In case of any red flags or higher AML risks identified within the SDD (incl., but not limited to, adverse media or PEP), customers will also be subject to EDD procedures.
The overall KYC process includes the following:
- An online assessment of the client / customer including understanding its nature of business, payment flow, intention to use BILLIUM PAYMENT SERVICES PROVIDER and adverse media checks
- Collection of documents from online sources such as Companies House and others
- ComplyAdvantage checks: screening of the entity and individuals (25% or more ownership)
- Collection of identity documentation where required, i.e. ID card, passport and/or utility bills
- Assessment of Customers Accounts or proof of source of funds (SOF)
- EDD SOF review (EDD)
- Assessment of the customer’s KYC controls (EDD)
- A review of the AML policy (EDD)
- A letter committing the customer to the standard of their on-going CDD controls (EDD)
BILLIUM PAYMENT SERVICES PROVIDER protects against involvement in terrorism and proliferation financing through the screening of all customers (including controllers and beneficial owners). BILLIUM PAYMENT SERVICES PROVIDER also has an overall obligation to hold adequate and current information on their beneficial ownership. This information will be required to be made readily available to both competent authorities and obliged entities on request.
The customer can pass SDD with the information provided in the application form e.g. a sole trader who has passed all the electronic KYC checks. Where the electronic KYC checks require further information, a manual review is applied and further documentation is requested.
BILLIUM PAYMENT SERVICES PROVIDER is aware that electronic KYC, whilst prevalent, is not common practice in other geographies where electronic sources of data are not readily available. BILLIUM PAYMENT SERVICES PROVIDER will assess new geographic markets before entering them, which will include an assessment of how BILLIUM PAYMENT SERVICES PROVIDER will fulfil its regulatory obligations within those markets, and as part of this will assess how it would go about customer due diligence within that geography. Where necessary, BILLIUM PAYMENT SERVICES PROVIDER will revert to alternative means to meet its regulatory obligations, which may include obtaining due diligence documents from clients and customers as proof of incorporation, shareholding, identity and address.
BILLIUM PAYMENT SERVICES PROVIDER identifies all entities with 25% or more ownership, directly or indirectly, of the prospective client. Where possible, all other entities in the chain are identified via online sources. Each entity over 25% ownership is screened against PEP/Sanctions lists through our 3rd party provider. If there is a potential hit, proof of identity and/or address is requested to discount any hits. This results in individuals over 25% being verified.
Acceptable documents as proof of identity and address are described in the instructions for using the Due Diligence Process. As BILLIUM PAYMENT SERVICES PROVIDER clients are also businesses, it is also possible that the beneficial owner (either a business or an individual) may be based overseas. In order to identify and verify this, we request additional documentation and information.
BILLIUM PAYMENT SERVICES PROVIDER Politically Exposed Persons’ policy (hereinafter - PEP Policy) includes the following:
- PEP Definition: Does not distinguish between foreign and domestic PEPs, and acknowledges that there is no universally agreed definition
- AML risks that PEPs represent
- How PEPs and links to PEPs are identified through AML processes
- EDD measures applied to mitigate these increased risks
- Investigation and recording actions that must be taken once links to PEPs are discovered
- Decision making process for the management when deciding whether to do business with (provide services to) PEPs
- Record keeping requirements
- On-going monitoring of PEP relationships
- Firm-wide training on PEPs
A Politically Exposed Person (PEP) is defined as “an individual who is or has at any time in the preceding years, been entrusted with prominent public functions and an immediate family member or known close associate of such a person”. BILLIUM PAYMENT SERVICES PROVIDER does not distinguish between foreign and domestic PEPs.
BILLIUM PAYMENT SERVICES PROVIDER recognizes the potentially higher levels of AML and sanction risks posed by individuals identified as Politically Exposed Persons and any companies in which they may have an active, direct or indirect or controlling interest. BILLIUM PAYMENT SERVICES PROVIDER takes measures to mitigate the increased risk that PEPs represent, including, but not limited to the following measures:
- Monitoring the directors and UBOs of the clients or customers in the relevant PEP-search public databases;
- Monitoring the transactions of clients whose directors or UBOs are PEPs, and of customers who are PEPs
- Obtaining senior management’s approval for a new business relationship
- Establishing where the person’s wealth and the funds involved in the business relationship come from (SOF)
- Monitoring of the business relationship in which the transaction is made to determine whether that transaction or that relationship appear to be suspicious
- Understanding better the background, ownership and financial situation of clients and customers, and other parties to the transaction
Once BILLIUM PAYMENT SERVICES PROVIDER has completed the KYC on the customer, a risk profile summary will be completed and the customer will be added to the CDD refresh cycle, transaction monitoring profiles and velocity controls profiles to commence the on-going monitoring.
As an AEMI, BILLIUM PAYMENT SERVICES PROVIDER is required to perform on-going monitoring of its client and customer base to ensure that the information held is up to date. This is achieved by a program of CDD ‘refreshes’, the frequency of which is dictated by the risk designation of the client determined after completion of the on-boarding.
- Standard Risk (low and medium) clients and customers warrant standard on-going monitoring therefore their CDD is refreshed once a year for BILLIUM PAYMENT SERVICES PROVIDER
- Increased Risk (high) clients and customers warrant enhanced on-going monitoring meaning their CDD is refreshed every 6 months for BILLIUM PAYMENT SERVICES PROVIDER
- Trigger events such as negative news, addition of a new product, becoming related to a PEP or a learned material structural change would also trigger a CDD refresh if outside the normal timeframe.
Real Time Monitoring
BILLIUM PAYMENT SERVICES PROVIDER has implemented ‘real time’ velocity alerts per client and customer type and risk rating. The velocity alerts allow channel, fraud and AML & CTF risk to be mitigated. The velocity alerts are parameters set to alert the compliance function to behavior outside the client’s or customer’s profile, e.g., high value, volume or an increased number of pay-ins and pay-outs.
ComplyAdvantage has a daily monitor checking each entity against a variety of lists and adverse media articles.
BILLIUM PAYMENT SERVICES PROVIDER utilizes rules-based transaction monitoring and screening to raise flags for manual review. This monitoring is to enable the detection of potentially suspicious or fraudulent behavior. Below is a high-level view of the rules; further detail can be found in the Transaction Monitoring Rule Set.
Rules are made up of a combination of:
- Generic rules which are applied across all clients and customers, such as those to identify:
  - Structuring, or entering multiple payments just below certain limits
  - Individual high value payments
  - High value of payments over a set period
  - Payments to/from specific countries or high value payments to new beneficiaries
  - Payments where the reference information entered causes suspicion
- Customer specific rules based on expected volumes and behavior for different client and customer groups:
  - Higher than expected value of payments (individual and over a set period)
  - Higher than expected number of payments over a set period
Monitoring applies to both inbound and outbound payment flows.
Monitoring includes a combination of:
- Retrospective monitoring where the payment is processed but may be subsequently investigated, for example:
  - Where the flag is raised due to a pattern over a period of time
  - Where the flag is raised due to data which was not available to BILLIUM PAYMENT SERVICES PROVIDER at the point when the transaction was authorized, as may be the case on e-money account payments
- “In flow” screening where the payment is blocked pending investigation or confirmation from the customer, for example:
  - High value payments, outside of a client’s or customer’s usual profile, to a new beneficiary, instructed through the BILLIUM PAYMENT SERVICES PROVIDER platform and services
  - Payments where the reference information entered causes suspicion
The BILLIUM PAYMENT SERVICES PROVIDER platform retains details of the client, the customer and the beneficiary, including referencing for every transaction so that transactions can always be linked back to particular payers and payees.
BILLIUM PAYMENT SERVICES PROVIDER implements Velocity Alerts, real time warnings that notify the compliance team to investigate. There are 3 types of Alerts: warn, hold and stop. These are built on parameters of velocity, client type and value to mitigate fraud, channel and AML / sanction risks.
Sanctions are normally used by the international community for one or more of the following reasons:
- to encourage a change in behavior of a target country or regime;
- to apply pressure on a target country to comply with set objectives;
- as an enforcement tool when international peace and security has been threatened and diplomatic efforts have failed;
- to prevent and suppress the financing of terrorists and terrorist acts.
Financial sanctions are normally one element of a package of measures used to achieve one or more of the above. Financial sanctions measures can vary from the comprehensive – prohibiting the transfer of funds to a sanctioned country/individual and freezing the assets of a government, the corporate entities and residents of the target country – to targeted asset freezes on individuals/entities.
Taking UAE regulations into consideration, BILLIUM PAYMENT SERVICES PROVIDER uses additional tools to check potential or actual Merchants against OFAC and non-OFAC sanction lists. It is essential for BILLIUM PAYMENT SERVICES PROVIDER not to establish any business activity with the companies (individuals) which are included in these lists.
Before opening an account, and on an ongoing basis, BILLIUM PAYMENT SERVICES PROVIDER will check to ensure that a customer does not appear on a sanctions list and is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by US, UK, EU and the United Nations.
If BILLIUM PAYMENT SERVICES PROVIDER determines that a client or a customer is on one of the sanctions lists or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by regulations, the company will reject the transaction and/or block the customer's assets and file a blocked asset and/or rejected transaction.
Taking into account the cross-border business of BILLIUM PAYMENT SERVICES PROVIDER, the company carefully processes its clients’ and customers’ SDD, EDD, ongoing transaction monitoring and other activities to prevent possible violation of the ML/TF and other limitations/restrictions.
BILLIUM PAYMENT SERVICES PROVIDER will use an automated screening program with ‘fuzzy matching’ logic, calibrated in accordance with BILLIUM PAYMENT SERVICES PROVIDER’s risk level. Once the integrated screening lists (including the OFAC SDN list) are updated within the program, the screening process will be performed using the most recent lists immediately, and in any case not later than 1 week after the screening lists are updated.
Clients and customers with whom a business relationship is established would be screened against relevant notices published by:
- The Office of Foreign Assets Control (OFAC);
- UAE Ministry of Finance;
- European Union sanctions (EU);
- The United Nations Security Council sanctions (UN);
- Other lists: (AML) Supporting - ComplyAdvantage Compliance Data Overview
If a positive match is discovered, the responsible employee must inform the MLRO immediately. The MLRO must investigate the information received and, if it is a positive match, inform the responsible employee, who must block the customer in the operational system until consent is given to proceed or refuse. The MLRO makes a disclosure to the relevant authorities.
Suspicious Activity Reporting
The MLRO is responsible for evaluating identified suspicious activity that has been reported internally and, where appropriate, reporting this on to the NCA via the SAR Online reporting system.
The MLRO maintains a SAR log to keep a record of all internal and external SARs. All records are retained for a minimum of five years and can only be accessed by approved individuals. The MLRO reports on the number of SARs raised (internally and externally) to the Risk Committee and the Board.
Employees are trained on the internal reporting process and criteria for raising suspicion (see section 9 below for more detail on Training). Employees complete the Internal SAR template (see Appendix 1) and provide this by email or hard copy to the MLRO.
The MLRO reviews the Internal SAR as a matter of urgency. Where possible, the MLRO refers to the Risk Committee to decide what actions BILLIUM PAYMENT SERVICES PROVIDER will take with a client or a customer who has been the subject of an internal SAR. However, where the MLRO feels that an external SAR needs to be raised and the Risk Committee cannot meet imminently, the MLRO raises an external SAR to the NCA and keeps the Risk Committee apprised to avoid undue delay.
Based on the review of the Internal SAR and any additional information the MLRO may need, the MLRO provides guidance to the reporting employee on how to proceed with regards to this particular client, customer or prospect.
To avoid tipping off, employees must not inform any client, customer, prospect or linked third party that a SAR has been filed. In these cases, employees should continue to work with the third party under guidance from the MLRO, who will obtain consents from the NCA as necessary. Employees should raise any questions or uncertainty (for example as to whether certain actions would constitute tipping off) with the MLRO without delay in order to obtain relevant guidance.
When an External SAR is required, the MLRO reports this to the NCA using the SAR Online tool. The MLRO is required to provide all necessary detail including the information from the relevant Internal SAR plus additional information around the service being provided and the KYB and KYC steps taken on the Reported Subject. The MLRO will also request consent as appropriate.
The MLRO is also responsible for reporting any inappropriate use of, or breaches of confidentiality of SARs, which they will do via the relevant NCA hotline.
In addition to the steps and checks outlined above, BILLIUM PAYMENT SERVICES PROVIDER carries out additional checks and screening at client and customer application stage for the purposes of preventing fraud. The specific checks vary as the nature of fraudulent application attempts varies over time, but include for example:
- Monitoring of IP addresses; receiving multiple applications from the same IP address would indicate fraud and after a threshold number these applications would be referred.
- Monitoring of post codes and maintaining a list of “bad” post codes; identity theft incidents commonly center around certain locations so if we found that a particular account had been applied for on a stolen identity, the post code could be listed for referral should any further applications come from individuals in the surrounding area.
- Monitoring of the number of failed applications; high volumes of failed applications over a short period could indicate a potential fraudster testing the strength of the system or the checks.
- Where relying on documents we look to follow best practice such as document checking tools to aid in identifying fake documents.
- We look to utilize other relevant sources of information such as CIFAS to aid in detection of potential fraudulent applications.
We communicate clearly to clients and customers that they should never share any confidential information and personal data (such as passcodes or PINs) with third parties and apply strong/two factor authentication steps to relevant actions within the BILLIUM PAYMENT SERVICES PROVIDER platform.
Lastly, via our transaction monitoring tool, we have set parameters specifically designed to identify possible fraudulent activity; a high number of pay-ins or pay-outs from the same or multiple individuals is one example. The controls are assessed and developed monthly in order to mitigate the varying fraud risk.
It is mandatory for all BILLIUM PAYMENT SERVICES PROVIDER employees (including the Board and senior management) to undertake AML Training.
- The MLRO has overall responsibility for the establishment, maintenance and recording of training, including attendance.
- Training is undertaken at least once per annum by all BILLIUM PAYMENT SERVICES PROVIDER employees.
All employees take basic compliance training, to provide them with an appreciation and understanding of the regulations BILLIUM PAYMENT SERVICES PROVIDER operates under, including specifically the importance of the AML and related anti-money laundering and counter terrorism and proliferation financing procedures. New employees complete their training upon joining BILLIUM PAYMENT SERVICES PROVIDER and their training is refreshed on an annual basis. The content is provided below:
- BILLIUM PAYMENT SERVICES PROVIDER obligations under the applicable financial crime laws and regulations (as per 2.5.2), including the electronic money regulations and payment services regulations in particular
- BILLIUM PAYMENT SERVICES PROVIDER compliance and risk framework
- BILLIUM PAYMENT SERVICES PROVIDER policies and procedures, including specifically the customer due diligence and transaction monitoring procedures and the SAR process
Employees with responsibility for customer due diligence and transaction monitoring undergo additional training and certification where this is deemed necessary by the MLRO and Risk Committee.
To ensure that learning is an on-going process, BILLIUM PAYMENT SERVICES PROVIDER has bi-weekly ‘BILLIUM PAYMENT SERVICES PROVIDER Uni’ sessions where individuals present on various topics across the business.
BILLIUM PAYMENT SERVICES PROVIDER seeks to comply with both AML and Data-Protection legislation.
BILLIUM PAYMENT SERVICES PROVIDER retains a variety of records as part of its business operations:
- Copies of, or references to, the evidence obtained of the identity of a customer’s or client’s representatives and UBOs. Retained for five years after the end of the customer relationship.
- Details of client and customer transactions retained for five years from the date of the transaction (i.e. activities in relation to the business relationship are completed).
- CDD documentation is retained for a maximum of five years after the business relationship has ended (according to AML directives)
- Records of all AML and CTF training delivered, including dates and attendance.
- Log of all internal and external SARs including dates and details of actions taken in respect of internal and external suspicion reports. Specifically including details of information considered by the MLRO in respect of an internal report where no external report was made.
- Log of business risks including the likelihood and impact scores and any related mitigating actions taken.
Dealing with Third Parties
Third Party Information Requests
BILLIUM PAYMENT SERVICES PROVIDER may from time to time receive requests for information relating to financial crime concerns from regulators, law enforcement or the compliance or fraud departments of third parties. All such contact should be directed to the MLRO in the first instance. Any employees who receive such contact should:
- Take the name and contact details of the person
- Not answer any questions or pass on any information or documents
- State that the MLRO will contact the person on an independently verified number
- Note that BILLIUM PAYMENT SERVICES PROVIDER will only release information with a court order or a request based on legal grounds
- If, within the meaning of Federal Decree-Law No. (20) of 2018, disclosure of personal information is required, we will disclose it only for the specified purpose and only if its non-disclosure can significantly interfere with the actions of the police to prevent a crime or capture a suspect.
- The Federal Decree-Law No. (20) of 2018 also provides clarity as to the application of AML/CTF rules for subsidiaries in countries where AML/CTF legislation is deemed deficient or non-equivalent. In these instances, the AML/CTF legislation applicable in the regulated entity’s home MS or equivalent standard should be applied.
The MLRO will deal with such requests with reference to the Risk Committee where required.
Appendix 1 – Internal Suspicious Activity Report Template
Client, Customer or Prospect Name: ______________________________________
Client or Customer Account Number: ______________________________________
Client registration number or Customer’s ID Number: __________________________
Source of Client, Customer or Prospect (if known): _______________________________
Reason for report:
Please detail the events, activities or transactions which have caused you to be suspicious. Please provide details of any specific transactions; dates, amounts, type of transaction, Company’s account which the transaction was carried out on. Please explain how/why you became suspicious of this activity. If it differs from normal or expected activity for this client, please clarify how it differs.
Date of signature
To be completed by MLRO
Date of signature