Dear Global DOEX Users,
As a global professional crypto asset exchange, DOEX is committed to prioritizing user interests and promoting the healthy development of the industry. We fully comply with our obligations to prevent money laundering, terrorist financing, and proliferation financing, strictly adhering to laws and regulations, and firmly opposing financial crimes and other illegal activities.
For the safety of your assets and the stability of your transactions, please carefully read DOEX's AML (Anti-Money Laundering) and KYC (Know Your Customer) policies.
DOEX's AML/KYC Policies and Procedures
DOEX is dedicated to providing our customers with a secure, compliant, and reputable platform. In line with this commitment, DOEX has established a comprehensive and robust Anti-Money Laundering (“AML”), Counter-Terrorist Financing (“CTF”), and Counter-Proliferation Financing (“CPF”) program. This AML/CTF/CPF policy (“Policy”) aims to prevent and mitigate the potential risks of DOEX facilitating any illegal activities related to money laundering (“ML”), terrorist financing (“TF”), and proliferation financing (“PF”) during the provision of platform services. This Policy is intended for general informational purposes only and does not impose any legal obligations on DOEX or any other entity (natural or otherwise).
DOEX has primarily formulated this program based on the recommendations and international guidelines of the Financial Action Task Force (“FATF”), aiming to provide its customers with a safe, stable, and reliable virtual asset trading service. In addition to the FATF guidelines, DOEX has also considered relevant AML/CTF/CPF laws, regulations, amendments, and guidelines, including but not limited to:
- Anti-Money Laundering and Counter-Terrorist Financing Ordinance (“AML/CTF Ordinance”);
- Anti-Money Laundering and Counter-Terrorist Financing (National Risk Assessment) Regulations 2022;
- Anti-Money Laundering and Counter-Terrorist Financing (Countermeasures) Regulations 2022;
- Anti-Money Laundering and Counter-Terrorist Financing (Cross-Border Declarations) Regulations 2022;
- Beneficial Ownership Act 2020;
- Beneficial Ownership Regulations 2020;
- Prevention of Terrorism Act 2004;
- Counter Proliferation Financing Regulations 2021.
I. Principles and Methods of DOEX AML/KYC Operations
DOEX is committed to supporting AML/KYC operations. In principle, we are committed to:
- Conduct due diligence when dealing with our customers and natural persons appointed to act on behalf of our customers;
- Conducting business in accordance with high ethical standards and, to the greatest extent possible, preventing the establishment of any business relationship that is related to or could contribute to money laundering or terrorism financing;
- Assisting and cooperating with the relevant legal authorities, to the fullest extent possible, in order to prevent the threat of money laundering and terrorism financing.
II. DOEX's Risk Assessment and Mitigation Methods
Risk Assessment:
We anticipate that most of our customers will be retail customers, and as of the date of this policy, we primarily operate in the British Virgin Islands.
DOEX adopts a Risk-Based Approach (“RBA”) to determine the extent, frequency, or scope of customer due diligence measures and ongoing monitoring based on the assessed ML/TF/PF risks related to a customer or business relationship. Currently, there is no universally accepted method to specify the nature and scope of an RBA. However, an effective RBA involves identifying and categorizing ML/TF/PF risks at the customer level and developing reasonable measures based on the identified risks. An effective RBA will allow the company to make reasonable business judgments regarding its customers. RBA should not aim to prohibit the company from conducting transactions with customers or establishing business relationships with potential customers but should assist the company in effectively managing potential ML/TF/PF risks.
Broadly, the model for assessing customer risk status is based on the following factors:
1) Country Risk
The geographic location of the customer or the origin of business activities poses related risks. For individual users, DOEX considers the customer's nationality and country of residence when considering country risk. For institutional users, DOEX considers the registration location, main place of business, and geographic distribution of the customer's business when considering country risk. Country risk factors assess potential ML, TF, and PF risks based on each country's ML, TF, and PF control environment, including regulatory scrutiny and supervision, corruption, sanctions, etc. To identify such jurisdictions, reports from international organizations, including but not limited to:
- FATF High-Risk and Non-Cooperative Jurisdictions List;
- FATF Mutual Evaluation Reports;
- Transparency International Corruption Perceptions Index;
- OECD Country Risk Classification;
- U.S. Department of Treasury's OFAC Sanctions Lists, including the Specially Designated Nationals and Blocked Persons List (SDN);
- Basel AML Index.
Based on country risk, countries are classified as low, medium, high, and prohibited. This classification method comes from a range of reliable public information sources, including information released by FATF, OFAC, the UK, the EU, and United Nations sanctions lists.
2) Customer Risk
Different customers pose varying degrees of ML/TF/PF risks. DOEX considers various factors to determine a customer's level of ML/TF/PF risk, including but not limited to:
- Whether the customer is a publicly listed company or a private company;
- Whether the customer is regulated or unregulated;
- Whether the customer involves any complex structures that make it harder to identify the ultimate beneficial owner;
- Whether the customer uses nominee shareholders;
- Whether the customer issues bearer shares;
- Whether there are risks associated with Politically Exposed Persons (PEP);
- Whether the customer is engaged in any high-risk business activities;
- Whether the customer is associated with restricted countries and/or subject to sanctions, adverse media, and enforcement actions.
3) Product/Service Risk
Different products or services pose varying degrees of ML/TF/PF risks as customers may utilize products or services for ML/TF/PF. Therefore, DOEX considers the characteristics of its offered services and the extent to which they are susceptible to ML/TF/PF abuse, taking appropriate measures described in this policy to mitigate and manage identified risks.
4) Delivery/Distribution Channel Risk
DOEX also considers its delivery/distribution channels and the extent to which these channels are susceptible to ML/TF/PF abuse. If soliciting or contacting customers through online, email, phone, or social media channels without face-to-face contact, they generally face higher ML/TF/PF risks than customers contacted face-to-face. This is because face-to-face contact provides DOEX the opportunity to verify the customer's identity.
In this regard, we will make the following judgments and handling:
Customer Registration:
DOEX is committed to making decisions that enable its business and customers to act in a compliant and ethical manner. During registration, DOEX must identify each customer and the beneficial owners of accounts before opening any accounts, and no anonymous or fictitious accounts shall be opened or maintained. Thus, DOEX registers only those customers who meet established standards from a risk, compliance, and regulatory perspective.
A. Recording and/or Collecting Documents Regarding:
1) Individual Customers
To join DOEX, customers must provide satisfactory proof of identity. Customer identification must be obtained from documents issued by reliable sources, and copies of the documents and other relevant recorded details must be retained.
The customer's risk assessment will determine the information DOEX should obtain and whether this information should be independently verified.
DOEX will verify the collected identity information by referencing documents, data, or information provided by reliable and independent sources. Examples of such documents, data, or information include but are not limited to:
- Government-issued identification with an individual's photograph or other national ID cards;
- Valid travel documents (e.g., unexpired passport);
- Other relevant documents, data, or information provided by reliable and independent sources (e.g., documents issued by government agencies).
DOEX will retain copies of personal identification documents for record-keeping and use third-party identity verification systems to verify the authenticity of customers' identification documents and selfies.
DOEX will screen each applicant and any related entities and individuals against sanctions, PEP, and adverse media lists to identify potential sanctioned targets and PEPs.
2) Institutional Customers
The primary requirement is to identify individuals who have ultimate control over the business and institutional assets, paying particular attention to any shareholders or others with significant influence over company affairs. Measures should be taken before establishing a business relationship through company searches and/or other commercial investigations to ensure the applicant company has not been established or is not in the process of dissolution, deregistration, liquidation, or termination.
The customer's risk assessment will determine the information we should obtain and whether this information should be independently verified.
At a minimum, the following information should be obtained from institutional customers (as applicable):
- Full name of the institutional customer, including any aliases and trade names;
- Company registration number;
- Date of incorporation;
- Country of incorporation;
- For trusts, the governing jurisdiction;
- Type of legal entity, such as a corporation, partnership, trust, non-profit organization, unincorporated association, limited liability company, publicly listed company, or other types;
- Registered address;
- Principal place of business address;
- Description of the institutional customer's business and activities;
- Any licenses obtained for conducting business;
- Ownership and control structure showing ultimate beneficial owners;
- Location of headquarters, operating facilities, branches, and subsidiaries of the partnership;
- Full names of directors/partners/managers/trustees (as applicable), including any aliases, and unique identification numbers (e.g., ID or valid passport number) and residential addresses;
- Full names of account authorized signatories and any other natural persons acting on behalf of the institutional customer, including any aliases, and unique identification numbers (e.g., ID or valid passport number) and residential addresses;
- Contact details of authorized signatories and other persons acting on behalf of the customer;
- Board resolution or other authorization documents authorizing the opening of accounts and confirming each authorized signatory and/or other natural persons acting on behalf of the institutional customer;
- Statement of the source of funds, etc.;
- Full names of the account beneficial owners (including any aliases) and unique identification numbers (e.g., ID or valid passport number) and residential addresses.
B. Ensure, to the best of our knowledge, skills, and abilities, that our customers, connected persons of our customers, natural persons appointed to act on behalf of our customers, and beneficial owners of our customers are assessed and screened with the assistance of lists of designated individuals and entities for (but not limited to):
- Bulgaria;
- Burkina Faso;
- Cameroon;
- Croatia;
- Democratic Republic of the Congo;
- Haiti;
- Kenya;
- Mali;
- Monaco;
- Mozambique;
- Namibia;
- Nigeria;
- Philippines;
- Senegal;
- South Africa;
- South Sudan;
- Syria;
- Tanzania;
- Venezuela;
- Vietnam;
- Yemen.
C. Unacceptable Customer Types:
DOEX will not accept the following types of customers and establish business relationships with them:
1) Shell banks;
2) Entities or individuals appearing on relevant sanctions lists and blacklists, including OFAC and SDN lists;
3) Customers who fail or refuse to provide all necessary KYC information and data to verify their identity and establish their economic status without valid reasons;
4) Entities issuing bearer shares;
5) Unapproved PEPs and senior management;
6) Residents of countries/regions to which DOEX does not provide services and/or products for regulatory or compliance purposes;
7) Customers involved in criminal activities, including but not limited to money laundering, terrorist financing, proliferation financing, tax evasion, and corruption;
8) Customers from high-risk non-cooperative jurisdictions;
9) Customers involved in purchasing and/or selling products/services on dark web markets.
Please note that the above list is not exhaustive, and DOEX will consider whether to establish business relationships on a case-by-case basis.
III. Risks Associated with New Products, Practices, and Technological Approaches
We will provide appropriate advice on identifying and assessing money laundering (ML) and terrorist financing (TF) risks that may arise from:
- The development of new products and new business practices, including new delivery mechanisms;
- The use of new or developing technologies for new and existing products.
We will pay particular attention to any new products and business practices that favor anonymity, including new delivery mechanisms, and new or developing technologies such as digital tokens (whether securities, payment, or utility tokens) that favor anonymity.
IV. Due Diligence (DD)
DOEX employs a robust customer due diligence process to verify user identities. DOEX initiates the KYC process at the beginning of every customer relationship. DOEX does not allow any anonymous accounts to trade or use its services, and users cannot trade until they have completed DOEX’s mandatory KYC registration process. DOEX will not accept entities with unclear beneficial ownership structures or entities from prohibited/sanctioned regions.
Depending on the customer’s anti-money laundering (AML) risk rating and other risk characteristics, DD is divided into three levels:
1. Customer Due Diligence (CDD)
2. Simplified Due Diligence (SDD)
3. Enhanced Due Diligence (EDD)
Customer Due Diligence (CDD)
CDD is a process that includes:
1. Identifying the customer using reliable, independent source documents, data, or information.
2. Determining the ultimate beneficial owner (UBO) and taking reasonable measures to verify the UBO’s identity, ensuring DOEX knows who the UBO is. For legal persons and arrangements, this includes taking reasonable measures to understand the ownership and control structure of the customer.
3. Identifying any person claiming to act on behalf of the customer and verifying their authority to do so.
4. Obtaining information on the purpose and intended nature of the business relationship.
5. Where applicable, obtaining, recording, and verifying other KYC information about the customer, including but not limited to source of funds, source of wealth, account purpose, expected activity, and investment objectives.
6. Conducting ongoing due diligence on the business relationship and monitoring transactions throughout the relationship to ensure that transactions are consistent with DOEX’s knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.
7. Applying DD to all customers who meet standard due diligence requirements (i.e., CDD) unless the customer qualifies for DOEX’s SDD measures.
Simplified Due Diligence (SDD)
SDD should only apply to customers who:
1. Pose a low risk of ML/TF;
2. Are regulated financial institutions, investment vehicles, or listed companies in FATF member countries, or government or public bodies;
3. Have been screened for name matches;
4. Do not exhibit suspicious indicators or red flags.
Customers qualifying for SDD are not required to identify and verify the UBO. However, other aspects of CDD must be performed, and the business relationship must still be monitored. SDD should not be applied in situations where there is knowledge, belief, or suspicion of ML, TF, or PF, regardless of the size and nature of the transaction or customer. Additionally, SDD should not be applied in any higher-risk situations or factors.
In applying SDD, DOEX may still:
1. Identify the customer and verify the customer’s identity;
2. Obtain information on the purpose and intended nature of the business relationship with DOEX;
3. Identify and take reasonable measures to verify the authority of any person claiming to act on behalf of the customer.
Enhanced Due Diligence (EDD)
DOEX must apply EDD measures:
1. For Politically Exposed Persons (PEPs), their family members, and close associates, whether they are customers or UBOs;
2. When higher ML/TF/PF risks are identified according to the customer risk assessment;
3. When higher ML/TF/PF risks are determined through regulatory guidance;
4. When adverse media confirms negative impacts on the customer;
5. When the customer is from a high-risk jurisdiction in terms of residence, nationality, or economic activity;
6. When any unusual or suspicious activity occurs.
The above is not an exhaustive list of scenarios requiring EDD. For business relationships or transactions involving higher risks, DOEX must apply the following EDD measures:
1. Obtaining additional information about the customer and UBOs;
2. Obtaining additional information about the intended nature of the business relationship;
3. Obtaining information on the source of funds and wealth of the customer and UBOs;
4. Obtaining information on the reasons for intended or performed transactions;
5. Enhancing monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transactions that require further examination.
V. Ongoing Monitoring
DOEX will continuously monitor its business relationships with customers. The level of ongoing monitoring will be proportionate to the risk rating assigned to the customer by DOEX and will include the following actions:
1. Monitoring customer transactions and activities to detect suspicious transactions, including ensuring DOEX has processes to detect, assess, and, where appropriate, submit Suspicious Transaction Reports (STRs);
2. Keeping customer information up to date, including beneficial ownership and screening results, and the purpose and intended nature of the business relationship;
3. Reassessing the risk level associated with customer transactions and activities;
4. Determining whether customer transactions or activities are consistent with the information previously obtained about the customer, including their risk profile.
Regular Reviews
DOEX requires regular reviews of customer information to ensure that information held in the customer KYC profile is current and accurate. DOEX will achieve this through reviewing customer documents, data, and information at different intervals, conducting appropriate reviews of transactions performed for the customer, and assessing the business risk profile and source of funds of the customer. This will enable DOEX to determine whether ongoing transactions are consistent with DOEX’s knowledge of the customer, their business, and their risk profile.
DOEX will pay particular attention to any of the following activities:
- Complex transactions.
- Unusually large transactions.
- Transactions conducted in an unusual manner.
- Transactions with no apparent economic or lawful purpose.
The frequency of regular reviews depends on the customer’s risk assessment as follows:
Customer Risk Level | Review Frequency |
Low Risk | Every 3 years or upon trigger |
Medium Risk | Every 2 years or upon trigger |
High Risk | Annually or upon trigger |
If any changes occur in customer information, the updated information should be reflected in the customer’s KYC profile. For significant changes (e.g., change of industry, change of country of incorporation), the customer risk assessment will be updated. Furthermore, any changes should trigger a re-screening process.
If a customer's risk rating increases and the customer is reclassified as high risk, additional due diligence (i.e., EDD) should be conducted according to the updated risk rating.
Trigger Reviews
DOEX must ensure that documents, data, and information obtained for DD purposes are kept up to date. Events that trigger the update of DD information must include (non-exhaustive):
- Changes in the customer's location.
- Changes in the actual ownership of the customer.
- Information inconsistent with DOEX’s knowledge of the customer.
Event-driven reviews may also be triggered by factors including (non-exhaustive):
- Significant transactions (relative to the relationship).
- Transactions inconsistent with previous activities.
- Significant changes in key position holders.
- Involvement of PEPs.
- Significant changes in the customer’s business activities (including new business in new countries).
- Knowledge, suspicion, or concern (e.g., doubt about the authenticity of provided information). If an STR has been filed, caution must be exercised to avoid any disclosures that could constitute tipping off.
- Multiple users sharing the same IP address and/or device.
DOEX will also require each customer it has a business relationship with to update their KYC information, including but not limited to identification documents, beneficial ownership, etc. For low-risk customers, these updates will occur every three (3) years, for medium-risk customers every two (2) years, and for high-risk customers annually. When updating this information, DOEX will also consider whether the customer’s transactions and activities are consistent with DOEX’s understanding of the customer's business and activities and will update records accordingly, listing the purpose and intended nature of DOEX’s business relationship with the customer.
Based on the updated information, DOEX will reassess and assign a risk level to the customer to detect changes in customer circumstances that may make the business relationship undesirable or expose DOEX to higher ML/TF/PF risks. If the reassessment indicates that additional information or documentation must be obtained from the customer, the customer will be required to provide such additional information or documentation.
DOEX will continue ongoing monitoring until the business relationship with the customer ends. The business relationship ends seven (7) years after the customer closes their last account with DOEX.
Enhanced Measures for High-Risk Customers
In addition to the ongoing monitoring measures and enhanced customer identification measures described in this policy, DOEX will require each high-risk customer it has a business relationship with to update their information, such as identification and beneficial ownership, annually after onboarding.
De-Risking High-Risk Customers
As part of the annual update process, DOEX will decide whether to maintain the relationship with the customer. It will also coordinate analysis of customer and transaction data to identify trends and other indicators of suspicious activity to improve controls over businesses marked as high-risk activities. DOEX will restrict or deny accounts that exceed its risk tolerance.
If DOEX decides to de-risk a customer, this will result in the closure of the customer's account, and the customer will be restricted from using DOEX’s services. Ongoing monitoring requirements, including monitoring de-risked customers due to adverse media and determining whether an
VI. Record Keeping
DOEX is committed to an environment where all types of records can be promptly retrieved, with all documents stored electronically.
DOEX will retain copies of the following documents and records:
1) Copies or references obtained during customer due diligence measures, including account files, business correspondence, and copies of all documents verifying the identity of customers and beneficial owners.
2) Initial and ongoing customer risk assessment audit trails.
3) Details of customer transactions.
4) Details of actions taken in response to internal and external suspicious activity reports within seven years from establishment.
5) Information considered in relation to potential suspicious internal reports by the Anti-Money Laundering Office within seven years from establishment if no suspicious transaction report was filed.
6) Anti-money laundering/counter-terrorism financing/central provident fund-related training.
7) Anti-money laundering/counter-terrorism financing/central provident fund-related reports.
Records shall be maintained for at least seven (7) years from the following dates:
1) Date of obtaining evidence of someone's identity.
2) Date of any transaction or communication related to a customer.
3) Date of termination of the business relationship.
The purpose of record retention is to maintain audit trails to assist DOEX and authorities in investigating any allegations of ML/TF/PF, to facilitate financial inquiries, and to ensure that criminal funds do not enter the financial system, otherwise detectable and confiscatable by authorities. Records established and kept for these purposes should be sufficient to allow financial intelligence units and other relevant authorities to reconstruct transactions promptly. The manner and form of record keeping should enable DOEX to promptly comply with information requests from law enforcement or financial intelligence agencies.
If retention of any records is required, a copy should be kept and appropriate backup and recovery procedures adopted:
1) Retained in machine-readable form if easy generation of paper copies is feasible.
2) Retained in electronic form if easy generation of paper copies is feasible, and the retention method should allow for proper authentication.
Information regarding customers must be kept as current as possible. It must be ensured that customer information (such as personal and financial status, and changes in address or employment) remains up-to-date.
VII. Suspicious Transaction Reports (STR)
DOEX is dedicated to preventing and detecting activities that may jeopardize the safety and well-being of DOEX personnel and its serviced community. DOEX recognizes the critical importance of vigilance, early detection, and timely reporting in combating potential threats.
DOEX aims to establish systems and a consistent approach to identify, record, and report suspicious activities, enabling appropriate investigations and necessary actions to effectively mitigate risks and cooperate with financial intelligence units and relevant authorities.
VIII. Employee Screening and Training
A. Employee Screening
The employee recruitment process must include reputation analysis to ensure that employees and officials align with DOEX's ethical and reputational standards and commitments to combating terrorism financing, proliferation financing, money laundering, and concealment of assets, rights, and property crimes. Background checks are conducted on all employees to ensure clarity of background for each hired employee. Employees are subject to monitoring to prevent fraudulent activities and ensure the effectiveness of AML/CTF/CPF policies and procedures.
B. Training
Training is a critical component of DOEX's anti-money laundering program. DOEX will develop and document a plan for ongoing compliance training and its delivery, ensuring authorized representatives of DOEX are adequately trained to understand all applicable AML/CTF/CPF legal requirements. Employees who interact with customers, engage in any way in customer transaction activities, or are responsible for overseeing anti-money laundering programs (e.g., senior management, IT personnel) must complete anti-money laundering training.
Training aims to foster a compliance culture within DOEX. All affected personnel are required to undergo training at least annually. New hires at DOEX or those assuming relevant positions must complete training as part of their onboarding process before interacting with customers.
Training programs will be tailored to the roles and responsibilities of appropriate employees and will include the following topics:
(1) Understanding money laundering, terrorist financing, and proliferation financing.
(2) Overview of the importance of anti-money laundering/counter-terrorism financing/central provident fund policies.
(3) Requirements of this policy and relevant procedures and controls.
(4) Recent developments and changes in relevant laws and regulations.
(5) Consequences of non-compliance with this policy and legal requirements and risks faced by DOEX.
(6) Emphasis on senior management and board commitment to continuing education, training, and compliance.
(7) Recognizing common indicators of suspicious transactions related to money laundering, terrorist financing, and proliferation financing, including examples of different forms of suspicious transactions and methods of reporting.
Annual refresher training (or more frequent as needed) is crucial to ensure all employees (i) understand their ongoing obligations under applicable laws and regulations; (ii) comprehend requirements outlined in this policy; (iii) are informed about trends in money laundering, terrorist financing, and proliferation financing within the industry, as well as any new or amended legislative requirements.
Additional training will be provided to any anti-money laundering officers collaborating with DOEX to provide ongoing education ensuring awareness of their roles and responsibilities in maintaining effective anti-money laundering programs to mitigate AML/CTF/CPF risks, including trends involving cryptocurrencies and cryptocurrency exchanges/platforms/counters.
Anti-money laundering/counter-terrorism financing/central provident fund (AML/CTF/CPF) training materials will be reviewed by the Money Laundering Reporting Officer (MLRO) before delivery. The MLRO is responsible for determining the method and format of training. Training may be delivered through face-to-face presentations, employee meetings, module testing, teleconferences, videos, or online training. The effectiveness of the training program will be tested by requiring trainees to complete quizzes containing a series of questions to ensure a basic understanding of regulatory responsibilities and compliance.
Training and testing materials, training session dates, and attendance records will be maintained in writing. The MLRO is responsible for ensuring the training program remains current and accurately reflects new legislative and regulatory developments, maintaining records of all compliance training sessions provided to employees or representatives of DOEX, including updated training logs for follow-up on any missed training.
IX. Policy Review
This policy will be reviewed at least annually to test its effectiveness and assess whether DOEX's practices comply with legislative and regulatory requirements.
DOEX will also review this policy if:
- There are any significant changes in law or practice.
- DOEX identifies or is alerted to deficiencies in this policy.
- Changes in DOEX's business, clients, or other factors affect this policy.
DOEX Team
June 25, 2024
Follow us on
X | Telegram | YouTube | Instagram | Medium
Comments
0 comments
Article is closed for comments.