AML-CTF Policy

Last Updated: 28/07/2021

  • 1 VERSION CONTROL

     

    VersionVersion DescriptionAuthorReviewerDate ApprovedDescription
    1.0Policy first draftRyan Mueller March 23,
    2020
    Initial creation of document
    1.1Finalized policy for team reviewRyan Mueller May 11,
    2020
    Minor amendments to first draft
    1.2Edits pursuant to some business changesRyan Mueller June 24,
    2020
    Added MSB registration number, minor edits to risk assessment
    1.3Added jurisdictions serviced outside CanadaRyan Mueller November 18, 2020Added international jurisdictions serviced
    1.4Corrected page number discrepancies, minimal updates throughoutRyan Mueller February 24,
    2021
    Minimal, non- material updates
    1.5Updated CCORyan Mueller July 14,
    2021
    Updated CCO

    2 DOCUMENT DETAILS

    2.1 PROCESS NAME

    AML-CTF Policy – contains:

    • AML/CTF Brief
    • Secure Digital Markets Compliance Regime
    • FINTRAC Requirements
    • Risk Assessment
    • Record Keeping
    • Politically Exposed Persons
    • Client Intake
    • Mandataries
    • Monitoring

    2.2 OBJECTIVE/GOAL

    Document objective is to outline the requirements for compliance with Canadian regulations, specifically the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Risks are assessed, strategies to mitigate/transfer/avoid outlined, and additional aspects of the compliance regime summarized.

    2.3 DESCRIPTION

    This document provides an internal/external reference for staff and partners to consult at any time.

    2.4 PARENT PROCESS

    None.

    2.5 OWNERSHIP

     NameDesignationDept/DivisionEmail
    PrimarySanjay DuggalChief Compliance Officer sanjay@securedigitalmarkets.com
    SecondaryRyan MuellerDeputy Compliance Officer ryan@securedigitalmarkets.com

    2.6 POLICIES INVOLVED

    #Policy &/or RuleDetails/Reference
    2Customer Intake   
    3Country Acceptance   
    4Business Client Acceptance   
    5Customer Document Retention   

    2.7 KEY STAKEHOLDERS

    Key stakeholders in this process include:

    • Operational staff
    • Executive
    • Legal counsel
    • Merchants
    • Consumers
    • Brokers, mandataries, and other client

    3 INTRODUCTION

    3.1 AML-CTF BRIEF

    • Secure Digital Markets, is a privately owned business that buys and sells crypto currencies directly to/from individual and business clients
    • Secure Digital Markets is a registered MSB (M20531684) operating within Canada servicing private individuals and corporate entities in Canada and a limited set of international jurisdictions
    • Secure Digital Markets operates exclusively using OTC (over the counter) and private brokerage models
    • Headquartered in Toronto, Secure Digital Markets has been active in the Canadian crypto industry for years
    • At present Secure Digital Markets supports buy and sell orders in multiple crypto currencies
    • Exchange, arbitrage, and other crypto services are not directly offered at this time
    • Secure Digital Markets does not accept cash from customers
    • Secure Digital Markets does not participate in, endorse, or otherwise affiliate with ICOs at this
    • Secure Digital Markets does not list, participate in, endorse, or otherwise affiliate with security tokens
    • Business clients are defined as businesses that have a current contractual relationship with Secure Digital Markets, individual clients are defined as individuals or business entities that have a direct relationship with Secure Digital Markets at time of purchase and may also acquire goods/services from clients of Secure Digital Markets
    • Secure Digital Markets does not allow sub-brokerage models or use mandataries at this time
    • Further explanation of mandataries, clients, customers and their relationship to Secure Digital Markets is contained in this document and other policies in the compliance and operational suite
    • Money laundering is defined as the process used to disguise, or attempt to disguise, the source of funds or assets derived/sourced from criminal or illicit activity
    • There are 3 “typical” stages in the process:
      • Placement – initial deposit of proceeds of crime into the financial system, placement may or may not include the predicate offense from which illicit funds were derived
      • Layering conducting multiple transactions and/or transfers to convert illicit funds to another form and obfuscate the true source/original placement
    • Layering may include transferring the value from one vehicle/object to another including purchase of high value assets (jewelry, vehicles, property) and multiple money transfers from one instrument to another (money orders, checks, bearer bonds, prepaid cards, )
    • Multiple BTC or other crypto transactions between related wallets is a perfect example of layering
    • Integration withdrawal or conversion of the funds to a “clean” form, typically this includes “fencing” stolen or illicitly obtained goods for comparable value, this could be selling bitcoin for cash or wire or reselling stolen goods for cash
    • Money laundering may, or may not be, accompanied by a predicate criminal offense
      • A simple money laundering scheme may involve using a stolen financial instrument to purchase a high value item intended for resale, in this case theft of the financial instrument precedes the use/attempted conversion of same
      • A more complex scheme could involve the purchase of multiple prepaid cards followed by fictitious purchases with the cards to a shell merchant with the intention of receiving the funds via a commercial settlement payment
    • With regard to Secure Digital Markets the largest money laundering risks lie in criminals seeking to purchase crypto to place and layer illicit funds in the legitimate economy, criminals conducting illicit transactions on behalf of themselves or an undisclosed third party, or criminals using stolen identities/financial instruments to purchase crypto currencies
    • Terrorist financing is the application of funds/assets, whether legitimately derived or not, to fund terrorist activities and organizations
    • Funds may be sourced from a variety of sources including donations, real business activities, AND from criminal sources such as drug/human trafficking and other illicit industries
    • The movement of funds for terrorist financing often mimics that of money laundering in that one, or more, of the points at which the funds enter/exit the financial system is being intentionally obfuscated
    • Secure Digital Markets is registered as a money services business (MSB) with FINTRAC registration number (M20531684), and our business activities are informed by this
    • Secure Digital Markets, and related entities, strive follow the rules and regulations defined by Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and adopt MSB best practices where possible
    • FINTRAC provides regulatory oversight to the MSB industry and Secure Digital Markets is registered with FINTRAC as noted above
    • Secure Digital Markets has implemented a compliance regime that references the requirements for MSBs under the PCMLTFA
      • Note that Secure Digital Markets does not provide MSB services such as:
        • Check cashing
        • Money transferring/remittance
        • Money order/traveler’s cheque services
      • Secure Digital Markets may be subject to audits by FINTRAC, the Canadian Securities Commission or other regulatory entities
      • Secure Digital Markets supports the efforts of FINTRAC to mitigate and curtail illicit activity and will provide reasonable assistance to FINTRAC, and it’s designates, in the event of an audit or reportable event
    • Secure Digital Markets is committed to deterring and combatting money laundering/terrorist financing in our systems and the world at large
    • Secure Digital Markets has adopted a risk-based approach and compliance strategy that is approved by executives
    • Per this policy, and other related policies, Secure Digital Markets is committed to full compliance with requirements that are designed to deter and detect actual/potential money laundering/terrorist financing (ML/TF) as well as other activities that enable/facilitate OR are related to ML/TF such as fraud
    • Secure Digital Markets encourages and actively develops an internal culture of compliance and ethics among staff, see other policies for details
    • Secure Digital Markets dedicates resources to compliance and risk management including implementing the below recommendations from FINTRAC for a sufficient compliance regime:
      • Appointment of a dedicated, knowledgeable Head of Compliance
      • Development and maintenance of a risk management program
      • Documented training program for all Secure Digital Markets staff
      • Development and application of internal policies, processes and other initiatives directly related to anti-money laundering/counter terrorist financing
      • Regularly scheduled independent reviews to assess the efficacy and relevance of the regime
      • Secure Digital Markets recognizes that part of any effective compliance regime is protection for those who comply or attempt to comply in good faith
    • Secure Digital Markets supports the requirement for personnel to identify and report suspicious or otherwise reportable transactions to FINTRAC and will attempt to protect said staff from civil and criminal proceedings where possible

    4 SECURE DIGITAL MARKETS COMPLIANCE REGIME

    4.1 FINTRAC GUIDELINES

    • The PCMLTFA requires the appointment of a designated Compliance Officer to oversee the compliance regime
    • The Chief Compliance Officer is responsible for managing the day-to-day compliance and anti- money laundering activities of the business and acts independently from all other departments/divisions reporting directly to the executive
    • Duties and responsibilities of the Chief Compliance officer include, but are not limited to:
      • Administer and implement the risk management policies of the organization as a whole
      • Oversee customer intake as it relates to any parties utilizing MSB services
      • Complete risk assessments of new markets, industries, and clients as required
      • Review external partnerships with vendors, acquirers, and other parties to ensure they are a fit for the risk appetite, brand, and policies of Secure Digital Markets
      • Monitor regulations in major jurisdictions and industries where Secure Digital Markets, and their clients, conduct business for material changes
      • Ensure policy suite is up to date and commensurate with regulation in industries/markets serviced
      • Conduct periodic risk assessments and mitigate/avoid/transfer risk accordingly
      • Administer AML training to all staff
      • Engage in ongoing monitoring of transactions, web presence, websites, and reputation of Secure Digital Markets and its clients to detect/act on suspicious activity
      • Co-ordinate periodic independent reviews of the compliance regime
      • Respond to 3rd party requests for information from law enforcement, regulatory bodies, and other external parties
      • Report to management on compliance activities and the status of the compliance regime as a whole
      • Engage in account opening and maintenance with suppliers and vendors
      • Respond to requests for information about corporate structure, ownership and licensing from suppliers
      • Delegate any of these tasks, or related tasks, to junior Compliance staff and oversee their administration and completion

    Secure Digital Markets Appointment of Compliance Officers

    DateRoleAppointment Contact
    June 1, 2020Chief Compliance OfficerRyan Mueller ryan@securedigitalmarkets.com
    January 1, 2021Chief Compliance OfficerAlexandra Dohi alex@gda.capital
    January 1, 2021Deputy Compliance OfficerRyan Mueller
    July 12, 2021Chief Compliance OfficerSanjay Duggal sanjay@securedigitalmarkets.com
    • The Secure Digital Markets policy suite directly related to AML-CTF and risk management is as follows:
    • AML – CTF Policy
    • Client Acceptance Policy
    • Country Acceptance Policy
    • Document Retention Policy
    • Compliance Monitoring Process
    • Client Intake Process
    • Anti-Bribery, Corruption, Gifts, Hospitality Policy
    • Coin & Token Listing Policy
    • Secure Digital Markets employs a risk-based approach and therefore development and implementation of the compliance program is informed by the risk appetite of Secure Digital Markets and its strategic partners
    • In accordance with regulations the Compliance team conducts risk assessments specifically related to money laundering and terrorist financing risks
    • Incident to the risk assessment process the Compliance team makes and implements recommendations to diminish risk to an acceptable level
    • Where risk cannot be sufficiently mitigated/transferred/avoided Secure Digital Markets may decline to engage in the risky activity
    • This risk assessment process considers the following items:
      • Where are clients located?
        • Where are their end customers located?
      • How is service provided to these clients? (Electronically, in person, )
      • Types of service offered to clients
    • Types of clients serviced
    • Type of customers using the service
    • Effective risk assessment and mitigation is critical to maintaining positive associations/perceptions of the Secure Digital Markets brand, maintaining positive relations with our external partners including banks and payment processors, avoiding any negative effect on our brand, ensuring we do not contravene the PCMLTFA or other salient regulations and finally, deterring and decreasing the amount of illicit activity in the world at large
    • This risk assessment provides a high-level view of Secure Digital Markets current position regarding industries serviced, geographies serviced, customer intake and service delivery
    • Note that this assessment may not be exhaustive/current, but all efforts are made to ensure it is regularly revisited and updated
    • Further note that Secure Digital Markets does not accept cash from clients or end customers
      • All fiat funds are received from known banks via wire, online bill payment, or other method
      • All crypto currencies are received wallet to wallet
    • Secure Digital Markets does not enter into agreements with, nor use the services of, any shell banks or corporations

    Business Based Risk

    IndustryRisk CommentRisk Rating
    Low risk retail services (any tangible product including food/perishables, clothing, jewelry, etc.)Clients may allow cash payments thereby increasing risk of illegal placement of fundsMedium
     Cash is not directly accepted by Secure Digital Markets; clients pay Secure Digital Markets using bank wireLow
     Ownership of funds is reasonably assured for all purchasesMedium
     All funds, client and customer inclusive, are processed through recognized/reputable financial institutionsLow
     Payments are to/from clients that have passed Secure DigitalLow
     Markets due diligence procedure 
    Number and value of transactions are monitored and, where necessary controlled, maximum transaction value can be limited where requiredLow
    Specific source of funds may not be known but all funds come from recognized financial institutionsLow
    Some customer payments could exceed $10,000.00, a recognized risk threshold and reporting threshold in cash transactions/travelMedium
    May be difficult to ascertain if transactions are conducted for a third partyMedium
    SDM will not transact with shell entities or shell banksLow
    Clients with locations in high risk and/or non-compliant jurisdictions are not acceptedMedium
    Clients that are a match to any regulatory or government watch list in the world are not serviced under any circumstanceLow
    High risk industries/locations (liquor stores, check cashing and payday loan, jewelry stores, precious metal dealers, pawn shops, MSBs, crypto companies etc.)

    No cash payments allowed thereby reducing risk of illegal placement of funds

    All funds, client and customer inclusive, are processed through recognized/reputable financial institutions and/or payment processors

    Payments are to/from clients that have passed Secure Digital

    Low

    Low

    Low

     Markets due diligence procedure 
    Number and value of transactions are monitored and, where necessary controlled, high value transactions and high-volume repeat customers are subject to review and reporting where relevantLow
    Specific source of funds is not known but all funds come from recognized financial institutionsMedium
    Some customer payments exceed $10,000.00, a recognized risk threshold and reporting threshold in cash transactions/travel guidelinesMedium
    Ultimate beneficial owners of clients may reside in or frequent restricted or banned locations without the knowledge of Secure Digital MarketsMedium
    May be difficult to ascertain if transactions are conducted for a third partyMedium – High
    Client performs all verification and fraud management steps prior to accepting transactionMedium – High
    SDM will not transact with shell entities or shell banksLow
    Clients with locations in high risk and/or non-compliant jurisdictions are not acceptedLow
    Clients that are a match to any regulatory or government watch list in the world are not serviced under any circumstanceLow
     Low
     Clients KYC/AML policies are reviewed prior to approval 
    Bitcoin and other crypto minersCrypto is mined and sold to SDM directly after miningLow
     Cash is not involved in these transactionsLow
     All funds, client and customer inclusive, are processed through recognized/reputable financial institutionsLow
     Payments are for services provided by clients that have passed Secure Digital Markets due diligence procedureLow
     Specific source of funds is not known but majority of funds come from recognized financial institutions and/or are traceable on the blockchainLow
     Some customer payments could exceed $10,000.00, a recognized risk threshold and reporting thresholdLow
     May be difficult to ascertain if transactions are conducted for a third partyMedium
     Clients with locations in high risk and/or non-compliant jurisdictions are not acceptedLow
     Clients that are a match to any regulatory or government watch list in the world are not serviced under any circumstanceLow
    Brokerage, capital funds, trading desks

    No cash payments allowed thereby reducing risk of illegal placement of funds

    All funds, client and customer inclusive, are processed

    Low

    Low

     through recognized/reputable financial institutions 
    Payments are for services provided by clients that have passed Secure Digital Markets due diligence procedureLow
    Number and value of transactions are monitored and, where necessary controlled, high value transactions and high-volume repeat customers are subject to review and reporting where relevantLow
    Specific source of funds is not known but all funds come from recognized financial institutionsMedium
    Some customer payments exceed $10,000.00, a recognized risk threshold and reporting thresholdMedium
    Ultimate beneficial owners of clients may reside in or frequent restricted or banned locations without the knowledge of Secure Digital MarketsMedium
    May be difficult to ascertain if transactions are conducted for a third partyMedium – High
    Clients with locations in high risk and/or non-compliant jurisdictions are not acceptedLow
    Clients that are a match to any regulatory or government watch list in the world are not serviced under any circumstanceLow
    Any tokens, coins, or other assets that have not been
    granted a securities exemption
    Low
     are only traded on exchanges and platforms that support
    them, not directly supported by SDM
     
    ATM OperatorsNo cash directly accepted from ATM operators, only purchases of crypto from wireLow
     All funds, client and customer inclusive, are processed through recognized/reputable financial institutions and/or payment processorsLow
     Payments are for services provided by clients that have passed Secure Digital Markets due diligence procedureLow
     Number and value of transactions are monitored and, where necessary controlled, high value transactions and high-volume repeat customers are subject to review and reporting where relevantLow
     Specific source of funds is not known but all funds come from recognized financial institutions and/or payment processorsMedium
     Some customer payments exceed $10,000.00, a recognized risk threshold and reporting thresholdMedium
     Ultimate beneficial owners of clients may reside in or frequent restricted or banned locations without the knowledge of Secure Digital MarketsMedium
     May be difficult to ascertain if transactions are conducted for a third partyMedium – High
     Clients with locations in high risk and/or non-compliant jurisdictions are not acceptedLow
    Clients that are a match to any regulatory or government watch list in the world are not serviced under any circumstanceLow
    ATM operators are reviewed for appropriate licensing in their jurisdiction prior to provision of serviceLow
    ATM operators are serviced on a liquidity basis only, we do not accept third party wires or cash, only sell crypto currency to ATM operatorsMedium
    All ATM operators are subject to enhanced due diligence at onboarding including review of policies/procedures and their
    Compliance staff
    Medium

    Payment Risk

    Payment InstrumentRisk CommentRisk Rating
    Credit Cards
    · American Express
    · China Union Pay
    · Diners
    · MasterCard
    · Visa
    Credit card payments are not directly accepted at presentLow
    Debit CardsDebit card payments are not directly accepted at presentLow
    Bank WiresWires are not accepted from high risk countries or shell banks decreasing the risk of ML/TFLow
     Ultimate source of funds is not known for wire clients, but funds pass through a known/reputable FIMedium
     Service is only provided to clients that have validated their identity to an acceptable levelLow
     Number and value of transactions are monitored and, where necessary controlled.
    High volume clients may be subject to enhanced due diligence.
    Low
     Ultimate beneficial owners of clients may reside in or frequent restricted or banned locations without the knowledge of Secure Digital Markets.Low
     Clients with locations in high risk and/or non-compliant jurisdictions are not acceptedLow
     Client KYC is reviewed in detail prior to acceptanceLow
     Bank wire slips are reviewed, and name matching performed as well as purpose of payment, reference line, and other aspects stringently reviewedLow
     Customers that attempt high value wires in their first few transactions are subject to
    increased scrutiny and due diligence
    Low
    Vouchers – Flexepin, NeosurfVouchers are not accepted at this timeLow
    Bank DraftBank drafts are not accepted at this timeLow

    Location Risk

    Secure Digital Markets is a Canadian company primarily servicing the Canadian market. Location risk is assessed as negligible given that service is typically fulfilled to Canadian residents within Canada.
    Currently the majority of funds come to Secure Digital Markets from businesses and established banks and as such risk of funds originating in high risk jurisdictions is deemed to be minimal. Clients domiciled in other regions are subject to approval on a case by case basis. Regions outside Canada currently serviced are: UK, USA, Colombia, Malta, and Nigeria. Note that these clients/geographies are only serviced after our banking and liquidity partners have been pre-advised and approved the counterparties

    Operational Risk

    IssueRisk CommentRisk Rating
    Employee error

    Regularly scheduled AML training for all employees using an externally accredited training software

    Ongoing review of transactions for suspicious factors

    Low

    Medium

    Employee commits fraud

    System failure

    Team is cohesive and trusted

    Clients are reasonably validated and vetted prior to sales

    Employee accepts a bribe or other inducement to bend rules for a customer

    Backup servers, cloud storage etc. manage this risk

    Medium Low

    Medium

    Low

    Fraud Risk

    ScenarioRisk CommentRisk Rating
    Fraudulent Deposit/Purchase AttemptAll payments are bank to bank using wireLow
    3rd Party Transaction

    Clients are verified in full as part of the onboarding and due diligence process

    Brief phone interview with internal staff required prior to first transaction

    Low

    Low

    Client Impersonation or Hacked Phone/Device

    Crypto only fulfilled after successful test to any wallet

    All material changes (new wallet, change in protocol, new bank account) require verbal confirmation with client

    Clients nominate at least two points of contact for trading, all transactions confirmed

    Number and value of transactions are monitored and, where necessary controlled.
    Material change in activity may result in enhanced due diligence

    Where client has not traded for 90 days fresh due diligence is conducted AND first trade after dormancy verbally confirmed

    Verbal password employed on any high value ongoing client; verbal password must be confirmed for any trade to be executed

    Low Medium

    Low

    Low

    Low

    Low

    Client Charges Back or Otherwise Revokes Authorization for a Deposit/PurchaseBank wire slips are reviewed, and name matching performed as well as purpose of payment, reference line, and other aspects stringently reviewedLow
    Internal FraudEmployees provide clear background check at time of hiring and every calendar year thereafterLow
     Employees are well compensatedLow
     All wallets are multi-signature, all bank accounts are access controlledLow
     Team is trusted and cohesiveLow
     Ongoing internal monitoring conducted for warning signs of fraud such as living beyond means, addiction, etc.Low
     Employee referral to counselling services provided to manage risk caused by material change in life and/or circumstancesLow
     Whistleblower policy in effect including anonymous reportingLow
    • Based on the preceding assessment of risk factors the risk of money laundering/terrorist financing is rated as low
      • Transactions have been monitored for factors indicative of ML/TF since prior to current MSB registration and status
      • To date client reviews suggests that neither Secure Digital Markets nor their clients are being used for the purposes of money laundering/terrorist financing
      • PEP activity to date is logical and free of indicators of suspicious activity
      • There have been minimal fraudulent transactions to date with full investigation and reporting conducted by Secure Digital Markets Compliance
    • Elevated money laundering risk to Secure Digital Markets may exists in purchases made by cash, any trades involving brokers or other third parties, and in cross border transactions
      • No cash is accepted at this time
      • Brokers are not involved in contracting, onboarding, flow of funds, or fulfillment of purchases
      • Cross border and other high-risk transactions are not engaged in by Secure Digital Markets Canada without appropriate enhanced due diligence and KYC procedures
        • Only qualified counterparties with relevant licensing and acceptable compliance procedures are serviced cross border
      • Scheduled improvements to the Secure Digital Markets AML/CTF regime include:
        • Updated methods to collect and store customer KYC information
        • More comprehensive/ongoing watch list checking
        • Development of customer profiles for merchant/industry end customers and methods to identify deviation
    • There are several points at which client risk is assessed and mitigated accordingly
    • These are:
      • Client intake and due diligence
      • Identification of customers
      • Enhanced due diligence for high risk clients
      • Ongoing client monitoring
        • Customer transaction monitoring and risk assessment
        • Renewed due diligence at any material change
      • Many of the controls outlined below are described to a high level of detail in other documents, please consult earlier sections of this document or the updated policy table for further information
      • It is Secure Digital Markets policy to conduct due diligence via the customer intake process on all clients regardless of their risk profile, references, or history with brokers, acquirers and other 3rd parties that may be known to Secure Digital
    • Full information regarding the client/merchant intake process is contained within Customer Intake 2, this typically includes:

    · Clients/Vendors

    • Confirmation of a client’s business information/incorporation details
      • Validation of the entity’s current status in state/provincial/federal register
      • Where client is deemed high risk OR online validation is not readily available a copy of incorporation document may be requested
    • Identification of information related to the business’ reputation where possible
    • Assessment of the inherent risk presented by the product/industry
      • This addresses fulfillment times, prevailing regulations, product reputation, and other factors
    • Ownership of the business
      • Background checks on owners including watch lists, reputation, and business history
      • This includes using information in the public and private domains as well as conducting checks on watch lists and excluded party lists
    • Reason for account opening
    • Review of any websites associated to the business
    • Validation of the merchant address as compliant with VISA location guidelines/not a shell
    • Review of operational aspects of the business
    • Review of regulatory risks presented by the client’s industry and assessment of how to mitigate same
    • Where a prospective client is deemed potentially high-risk additional materials/information may be requested/reviewed including
      • Industry references
      • Copies of agreements with suppliers
      • Bank statements/references
      • Copy of incorporation document
      • Government issued identity documents for owners
      • Share certificates/registers
      • Copies of supply agreements
    • All traffic and transactions within the Secure Digital Markets systems are monitored by our Risk
    • Where concerning trends or suspicious indicators are present the client, and their customers, may be subject to more stringent reviews
    • Where transaction amounts are high, enhanced due diligence is conducted
    • STRs, LCTs or other reports will be filed according to internal process where required

    · Individual Customers

    • Secure Digital Markets issues negotiable instruments, bitcoin and other crypto currencies, to their customers in exchange for fiat currency, as such the attendant FINTRAC guidance applies
    • Secure Digital Markets is required to positively identify customers per FINTRAC guidance when:
      • $1,000.00 CAD (or equivalent) or more in funds have been moved by the MSB on behalf of the customer
      • A “business relationship” has been established, typically when 2 or more transactions have been carried out at the direction of a customer
    • In practice ALL customers are identified as Secure Digital Markets will not engage in transactions under $1,000.00 CAD
    • Secure Digital Markets directly collects the following from customers that are transacting above $1,000.00 in value or have made multiple purchases:
      • Name
      • Address
      • Date of birth
      • Occupation/source of funds
    • Additionally, a current/unexpired government issued photo ID should be sighted by the collected by Secure Digital Markets and the following recorded:
      • Document type
      • Document number
      • Place of issue
      • Date of issue
    • Where a customer is transacting with Secure Digital Markets directly using OTC services additional KYC and checks are including:
      • Validation of government issued photo ID
      • Current utility bill/bank statement/government mailing
      • Bank wire slip
      • Photo of customer with current date holding their identity document
    • For OTC trades Secure Digital Markets Compliance will review all information submitted in depth prior to client being serviced
    • Secure Digital Markets has implemented, and maintains, an ongoing AML-CTF training program to ensure all staff are familiar with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and their obligations under this legislation
    • At minimum, all staff are required to complete this training when hired AND at least once annually
    • Training is administered internally and consists of dedicated content provided by a third-party vendor, ABC Solutions Inc
    • The program itself consists of modules and an online testing component
    • An 80% or better is required to pass, employees are able to take the test until they pass however if an employee fails to pass within one rewrite their access to systems and normal job duties may be limited
    • Additional training and awareness materials may be prepared and distributed by the Chief Compliance officer on an ad hoc basis
    • Employees are required to digitally confirm they have been provided with, read, and understood all AML training documentation
    • Secure Digital Markets shall facilitate regular independent reviews of their AML-CTF regime by qualified auditors when required by FINTRAC guidelines
    • This review will take place once every two years and will assess internal control, transaction processing systems, and procedures
    • Where issues/deficiencies are identified Secure Digital Markets will endeavor to remediate them in a timely fashion
    • A report of any completed audit will be retained for a minimum of 7 years and contain:
      • Description of the review’s scope
      • Review of policies and procedures
      • Review of current training program
      • Assessment of intake, record keeping, identity verification and other processes to ensure they are commensurate with FINTRAC guidance
      • Summary of any deficiencies
      • General findings
    • Chief Compliance Officer is responsible for the efficacy of the compliance program and will report on the external review to management within 30 days of completion
    • The first of these reviews is due by June 2022
    • Secure Digital Markets complies with the reporting requirements delineated by FINTRAC
    • Reports are stored electronically for a minimum of 7 years and can be made available within 30 days of any request by FINTRAC representatives
    • Required reports are completed by the Compliance team and submitted to FINTRAC accordingly
    • Suspicious Transaction Reports (STRs) and Attempted Suspicious Transaction Reports (ASTRs) are filed within 30 days of suspicion arising
    • Terrorist Property Reports are filed immediately upon confirmation that a transaction or transactions is confirmed as related to a known terrorist or terrorist organization
      • Notices may also be sent to RCMP and/or CSIS as dictated by FINTRAC
    • Where no transaction is confirmed but activity is considered related to terrorist property an STR/ASTR will be filed accordingly
    • Large cash transaction (LCT) reports are not filed as Secure Digital Markets does not accept cash directly
    • Non-SWIFT Electronic Funds Transfer Reports (NS-EFTR) are to be filed within 5 days of Secure Digital Markets processing the transaction according to the below:
      • A single, or group of transactions within a 24-hour period, that exceeds $10,000.00 CAD (or equivalent) and is processed to the benefit an entity/person outside Canada on behalf of a person/entity inside Canada
      • A single, or group of transactions within a 24-hour period, that exceeds $10,000.00 CAD (or equivalent) and is processed to the benefit an entity/person inside Canada on behalf of a person/entity outside Canada
    • Note that NS-EFTRs are rarely applicable to the activity of Secure Digital Markets, if ever
    • All reports filed with FINTRAC are confidential and Secure Digital Markets staff will refrain from disclosing any details of reports, including whether they have been filed, to customers/clients or any person who does have a reasonable need to be informed
    • Secure Digital Markets complies with the record keeping requirements delineated by FINTRAC
    • Reports are stored for a minimum of 7 years
    • Where documents are collected and stored pursuant to customer intake and transaction monitoring these are stored per Customer Document Retention Policy 0

     

    • Secure Digital Markets primary clients are business entities domiciled in Canada and end customers located in Canada
      • Clients in other jurisdictions are only serviced in the presence of enhanced due diligence and KYC measures
      • Typically, only licensed entities with sufficient compliance programs are serviced cross border
    • Secure Digital Markets offers services to clients in an online/non-face to face fashion and face to face fashion
    • The customer intake procedure applies to all clients regardless of application method and is guided by FINTRAC guidelines to identify organizations
    • Where dictated by risk level additional due diligence may apply
    • See Client Intake 0 for specific information
    • Organizations are confirmed via the relevant state/provincial/federal registry records, or by requesting a copy of the incorporation documentation from the client
    • Ownership is self-reported by the client
      • Where a client is designated high risk share certificates, or a shareholder register may be requested
    • Any individual that owns 25% or more of an organization needs to provide their full name and address at minimum
      • Clients may provide date of birth and identity document details, but these are not required
    • Owners are given the opportunity to self-report if they, or any of their staff, are politically exposed persons
    • Using World Check entity names and owners are checked against multiple watch lists including the OFAC SDN list and OSFI list
      • Where a possible match is identified additional information will be requested from the client and enhanced due diligence conducted
      • Secure Digital Markets does not knowingly transact with excluded parties
      • Positive matches will be denied service, all other outcomes result in enhanced due diligence and monitoring
    • A mandatary is a person that has been given the authority to conduct business for another
    • In the Secure Digital Markets business model, no mandataries are used
    • A mandatary may be used to validate information, such as identity information, of customers per FINTRAC guidance
    • Secure Digital Markets takes reasonable measures to independently determine if a client is designated as a:
      • Politically exposed person (PEP)
      • Politically exposed foreign person (PEFP)
      • Relative or close associate of a PEP/PEFP (RCA)
    • These measures apply to the following scenarios:
      • New client intake
      • New customer making a high value purchase, especially if via cash or voucher
      • Any transaction, or group of transactions within a 24-hour period, that exceeds

    $10,000.00 CAD or equivalent conducted by one individual

    • Where a transaction/group of transactions is suspected to have been conducted by a PEP/PEFP/RCA the transaction is reviewed with attention to:
      • Is the customer name a match to the OSFI/OFAC watch lists?
      • Can the customer identity be validated by public records or social media?
      • Does the purchase size make sense?
      • Where is the customer located? Where is the merchant located?
      • What payment instrument was used for the transaction? Is this a high-risk payment instrument?
    • If the customer is deemed to be a PEP/PEFP/RCA a record of the transaction will be prepared within 14 calendar days including:
      • Office or position of the customer/client
      • Source of funds (if known)
      • Date PEP/PEFP/RCA status confirmed
      • Source used to confirm client/customer status
      • Name of staff member that completed the review
      • Date the transaction(s) was reviewed
    • PEP activity will be reviewed on an ongoing basis to ensure risk is managed accordingly
    • Secure Digital Markets stores an electronic record of all transactions processed through our systems regardless of type, status, or amount
    • All transaction records are stored for a minimum of 7 years per FINTRAC guidelines, and will be stored for the lifetime of the Secure Digital Markets business unless a client/customer specifically requests the deletion of their information per the terms governing privacy and consent in their jurisdiction
    • Any questions regarding destruction of records can be directed to ryan@securedigitalmarkets.com
    • Secure Digital Markets reviews transactions daily to ensure transactions that present a risk of money laundering or terrorist financing based on location or amount are reviewed in full

    5 NEXT UPDATE

    • 01/09/21