AML/KYC Policy

Company Overview

VISANEX LIMITED is duly incorporated in Hong Kong. Money remittance services operate legally under the Money Service Operator license issued by the Customs and Excise Department.

AML/CTF Obligations

VISANEX LIMITED adheres to current and upcoming duties under Hong Kong’s Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) framework. This includes Anti-Money Laundering and Terrorist Financing Guidelines, Chapter 615 “Anti-Money Laundering and Terrorist Financing Ordinance” (AMLO) Article 7, plus related statutory/regulatory rules. Money service operators must follow these AML/CTF Guidelines per AMLO provisions, facing disciplinary measures for non-compliance.

Money laundering typically unfolds in 3 stages, often spanning multiple transactions — operators must spot potential criminal indicators:

• (a) Placement: Depositing illegal cash proceeds.
• (b) Layering: Complex, multi-step transactions to detach illicit funds from origins, hide trails, and mask owners.
• (c) Integration: Legitimizing dirty money by reintroducing it into the economy, mimicking lawful business gains.

Schedule 1, Part 1, Section 1 of AMLO defines “terrorist financing” as:
(a) Directly/indirectly providing/collecting property —
i. Intending its use (full/partial) for terrorism (regardless of actual use), or
ii. Knowing it will fund terrorism (regardless of actual use).
(b) Knowing/recklessly ignoring if someone is a terrorist/terrorist associate: Supplying them property/services directly/indirectly.
(c) Knowing/recklessly ignoring terrorist status: Raising funds for their benefit.

Terrorists/groups need funding to operate and often mask sources (even legitimate ones) via laundering to evade detection.

General Provisions

These procedures for AML/CTF prevention and sanctions compliance set client screening standards to block suspected laundering/financing deals, identify/report risks as determined by VISANEX LIMITED. This AML/KYC Policy applies to all money/financial transactions. Rules draw from applicable AML/KYC laws and global sanctions.

Legal Framework

Policy aligns with:

• Hong Kong’s Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615)
• Hong Kong Monetary Authority (HKMA) Guidelines
• PRC Anti-Money Laundering Law (中华人民共和国反洗钱法)
• PBOC Administrative Measures for Client Identity ID and Due Diligence

Due Diligence Application

VISANEX LIMITED assesses and applies due diligence based on global/national risk evaluations. Depending on client risk level and relationship stage (new/existing), we use standard, simplified, or enhanced KYC/AML — plus ongoing monitoring.

KYC/AML steps include (not exhaustive):

• ID’ing clients and verifying via reliable/independent sources/docs/data (e.g., e-ID).
• Gauging/assessing business relationship purpose.
• Continuous KYC/AML to validate client details/fund sources.
• Checking PEP status (or family/close associates).
• Gathering third-party info (e.g., authorities).

Customer Due Diligence (CDD)

• ID & Verification: Confirm identities pre-relationship/transaction via reliable sources.
• Beneficial Owners: Pinpoint and verify them reasonably.
• Enhanced DD (EDD): For high-risk clients (PEPs, weak-AML countries).
• Ongoing Monitoring: Refresh data; scrutinize transactions against profiles.

Where fitting, establish client wealth sources. For KYC/AML compliance, VISANEX LIMITED (or delegates) can/must:

• Request ID docs.
• Seek activity/fund origin proofs.
• Profile risks, pick measures, flag laundering/financing potential.
• Re-ID if initial data doubts arise.

Ongoing KYC/AML ensures constant monitoring:

• Update CDD docs/data.
• Watch for suspicious actions signaling crime/laundering/financing.
• Scrutinize complex/unusual transactions.

VISANEX LIMITED reviews client activity nature/purpose to detect laundering links — yielding insights on relationship goals, business type, risks, fund sources. Senior management oversees company-wide ML risks and mitigation.

Enhanced Due Diligence (EDD)

The VISANEX LIMITED Enhanced Due Diligence (EDD) process is designed to gather comprehensive details to confirm transaction legitimacy and full compliance with regulatory standards.

In practice, EDD involves:

• Taking appropriate actions to determine the source of the Client’s wealth — note that source of wealth differs from source of funds, referring to the activities generating a person’s overall net worth, such as income-generating and asset-building endeavors for the Client;
• Evaluating if verification of fund and wealth origins is needed, either directly from Clients or via independent channels (like online sources, public records, or commercial databases);
• Collecting extra CDD details (identity and relationship data);
• Implementing further checks to validate received CDD information;
• Scheduling more regular business relationship reviews (e.g., biannually);
• Performing intensified transaction oversight with reduced thresholds for operations;
• Lowering alert limits in automated systems specifically for PEPs;
• Carrying out adverse media reviews.

If during Client checks VISANEX LIMITED detects signs of money laundering or terrorist financing, and continued scrutiny might tip off transmission to regulators, VISANEX LIMITED can halt verification and decline the business relationship. Relevant details will then be reported to the Regulator per the “SAR Reporting” guidelines in this policy.

Identify and Obtain Information from Ultimate Beneficiaries

Potential clients must disclose if they are the ultimate beneficiary — discrepancies from stated info often arise. For legal entities, pinpointing ultimate beneficiaries proves challenging, yet the aim remains identifying the individual(s) ultimately owning/controlling the entity. Once identified, these persons complete full CDD themselves, not via nominees posing as owners. For nominee holdings, the RM requests legal proof of the setup, conducting CDD on both nominee and true beneficiaries.

Risk Management

Risk Identification: Spot ML/TF risks tied to customers, products/services, delivery methods, and geographic areas.

Risk Assessment and Controls: Conduct regular risk evaluations and deploy tailored controls by risk tier, including EDD for elevated categories.

Classification of Risks in Practice

VISANEX LIMITED AML policy follows a risk-based methodology. Every customer and prospect undergoes screening/analysis pre-transaction, with extra focus on higher ML-risk cases/transactions.

A risk model categorizes clients into:

1. Low risk; 2. Moderate risk; 3. High risk; 4. Very high risk; 5. Rejection.

RMs (primary contacts, often meeting clients in person) calculate risk scores pre-transaction via the Client Due Diligence Form: Part 1 filled by client (handwritten ideally), Part 2 as internal RM assessment post-interview. RM tallies scores and forwards to Compliance Officer for approval.

Risk Mitigation: Deploy risk-adjusted CDD, continuous monitoring, and suspicious activity reports.

Client Identification Process

Per GAMLCFT 4.14, CDD includes:
“(a) Identifying the customer and verifying identity via reliable, independent documents/data/info; (b) For beneficial owners, determining and reasonably verifying identity to satisfy FI knowledge, including ownership/control structures for entities/trusts; (c) Gathering purpose and intended nature info for the relationship…”

Before account opening, establish true customer identity: RMs collect AML pre-assessment form data plus docs for company risk review.

Core AML pre-assessment kit elements:

• ID docs (national ID, driver’s license, passport).
• Address proof (utility bills, 3-month bank statements).
• Income/asset proofs.
• Fully answered AML pre-approval form.

In personal interviews, RMs inspect original docs (ID/passport, address/income proofs), assessing genuineness — e.g., matching names, photo-to-person, consistent ID numbers.

Compliance with Confidentiality of Customer Information

All client personal data handled per PDPO and VISANEX LIMITED internal data policies.

RMs deliver ID docs directly to VISANEX LIMITED. Electronic transfers use only company email. Courier/third-party shipments require sealed envelopes marked “Confidential” with return address and recipient notice pre-delivery.

Compliance Officers verify CDD accuracy/authenticity on receipt — reject incomplete/erroneous submissions back to RM.

Politically Exposed Persons (PEP)

PEPs are individuals entrusted with prominent public roles who might exploit positions for laundering/predicate crimes like corruption/bribery. Given elevated risks, FATF urges extra AML/due diligence for PEP relationships.

VISANEX LIMITED leverages commercial tools/databases for PEP screening, integrating name checks into all initial KYC.

For confirmed PEPs (or proposed relationships), VISANEX LIMITED applies EDD, secures senior management approval (documented), before proceeding.

Sanction check

Merging sanctions lists and spotting restricted countries for Hong Kong and China requires several essential steps, since both regions follow international sanctions while potentially adding their own local limitations.

International Sanctions

Both China and Hong Kong comply with global sanctions from organizations such as the United Nations (UN). Here’s what needs attention:

United Nations Sanctions: Both areas implement UN sanctions, generally covering travel bans, asset freezes, and trade limitations targeting particular countries, persons, or organizations. Routinely visit the UN Security Council Sanctions Committees’ website for the latest updates.

Additional International Bodies: Take into account other global sanctions lists, for example from the USA (OFAC), EU, and similar, particularly if your operations involve cross-border activities or international payment networks.

China can apply its specific sanctions, crucial for companies based there.

Ministry of Commerce of China (MOFCOM): Review any nation-specific sanctions or trade curbs regularly updated by MOFCOM.

People’s Bank of China (PBOC): For financial sanctions, consult PBOC directives that could affect payment operations.

Hong Kong typically follows international sanctions and might add further steps guided by the Hong Kong Monetary Authority (HKMA):
HKMA: They issue instructions on applying financial sanctions and relevant lists for Hong Kong banks and financial firms.
Trade and Industry Department (TID): Handles trade sanctions and verification processes.

Lists of Restricted Countries

Export and Trade Controls: China and Hong Kong maintain rules on trading with select countries over security issues or global pacts. These appear frequently on Hong Kong’s TID website and China’s MOFCOM site.

Financial Sector Restrictions: Seek advice from HKMA and PBOC on financial bans linked to certain countries.

Regular Updates: Sanctions and restricted lists evolve with geopolitical shifts and fresh agreements. Set up a consistent review routine to monitor changes from official channels.

Integration with Internal Systems: Make sure the combined list feeds into your internal compliance and transaction screening tools. This enables instant checks and regulatory adherence.

Customer activity monitoring

VISANEX LIMITED must oversee business relationships and examine unusual, complicated, or elevated-risk transactions or actions to identify or block money laundering or terrorist financing.

As mandated by regulations, VISANEX LIMITED tracks transactions and builds profiles of customer spending patterns to spot:

• Complex and/or exceptionally large transactions;
• Unusual patterns lacking obvious economic or lawful intent;
• Any other actions which, per VISANEX LIMITED judgment, could link to money laundering or terrorist financing by their character.

An atypical transaction or action might appear mismatched to the anticipated pattern in a given business relationship or standard operations for the offered product or service type. This could signal money laundering, terrorist financing, or fraud if the transaction or action lacks evident economic or lawful purpose.

VISANEX LIMITED employs a monitoring system designed to meet these goals:

• Handling Customer data through automated oversight of identifying the Customer, beneficial owner, authorized representative, other Customers, and required fields essential for managing economic and personal operations;
• Categorizing Client risks, sustaining and applying a scoring mechanism to confirm assessment of Client risk elements, risk category identification, and assignment of suitable numeric scores;
• Client investigation and transaction monitoring, guaranteeing digital records of Due Diligence, storage and access to research outcomes, business intelligence, and user authorization levels in the monitoring system (e.g., read-only/edit permissions);
• Tracking “dormant” accounts via automatic detection and extra validation of transactions from or to dormant accounts;
• Employing sanctions lists by keeping intelligent sanctions lists current, refreshed, and applied;
• Detecting customers classified as politically exposed persons, their relatives, or close associates to PEPs (referred to as “PEP”), generating automatic alerts if customer data, true beneficiaries, or reps suggest potential PEP status;
• AML/CFT risk exposure evaluation, comparing summary AML/CFT risk metrics against prior periods and analyzing change trends.

Monitored traits might cover shifts in:

• Transaction character and category;
• Frequency and makeup of transaction sequences or groups;
• Transaction sizes, emphasizing notably large ones;
• Geographic sources/destinations for payments or receipts;
• Involved parties to block payments to/from sanctions-listed individuals;
• Customer’s typical operations or volume.

Customer transaction and activity monitoring follows a risk-focused method, with high-risk Customers facing intensified and more regular checks and observation. Monitoring spans the full Client relationship to verify transactions/activities align with Client KYC, business profile, fund origins, and wealth sources where needed.

Examination and written documentation of complex, atypical, large transactions or odd patterns is mandatory.

Virtual asset transactions get monitored by reviewing asset history with dedicated IT software.

If substantial changes occur in relationship foundations, VISANEX LIMITED performs extra steps to track Client activities, ensuring complete grasp of updated risks and relationship basis. Respond to all red flags to enhance comprehension.

VISANEX LIMITED ensures updated details from Client meetings, talks, or other contacts get logged and stored with Client files, accessible to the Compliance Officer.

Continuous Client activity monitoring keeps the Client profile current and involves steady gathering of CDD data.

Know Your Transaction (KYT)

The Transaction Monitoring Process, known as KYT (Know Your Transaction), serves as a mechanism for observing and supervising financial operations to identify and block fraudulent or illegal actions, like money laundering or terrorist financing.

VISANEX LIMITED performs KYT solely on fiat transactions. Full details, covering all alert types and percentages, appear in the “Fiat Transaction Monitoring” document. KYT fulfills anti-money laundering and terrorist financing (AML/TF) legal mandates and stands as a vital instrument for financial entities to uphold compliance, curb financial crimes, and shield customers plus reputation.

VISANEX LIMITED relies on various reliable vendors and internal guidelines for KYT on fiat deals. Event-driven reviews let VISANEX LIMITED keep tabs on every customer’s profile nonstop. Review cadence depends on signals from the transaction monitoring tool, plus regulator or external alerts highlighting emerging laundering tactics, such as targeted sectors or platforms.

Sample triggers for event-based reviews:

• Shifts in customer patterns and repeated high-risk alerts from monitoring systems;
• Adverse media or legal moves against platforms/services viewed as laundering conduits;
• Third-party system flags on unwanted behavior;
• Major updates to prior customer details;
• Dormant accounts suddenly active with new counterparts.

The KYT workflow includes these phases:
Transaction – the system captures details on the sending or receiving account.
Transaction verification and response – projected turnover helps initial risk categorization for the customer.
Recording the account for continuous monitoring – incoming/outgoing accounts enter the system for ongoing watch; risk profile changes prompt instant alerts to staff.

For instance, event-based review triggers might encompass:

• Behavioral changes in customers and consistent high-risk flags in SumSub or Chainalysis;
• Bad press or enforcement against platforms/services seen as laundering paths;
• Third-party monitoring flags on individuals for unwanted marketing;
• Substantial revisions to earlier KYC info, including current monitoring platform data;
• Dormant accounts or new address interactions ramping up.

Passing KYT follows:
Step 1 – transaction – system logs the login or withdrawal address.
Step 2 – Transaction verification and response – Anticipated turnover enables preliminary customer risk grouping.
Step 3 – Record the address in the database for continuous monitoring – All addresses (in/out) log into a registry for nonstop oversight. Risk alterations notify the responsible party promptly.

Suspicious Activity Reporting

Under GAMLCFT 7.9, designate an MLRO to: (a) examine internal tips and exception logs, deciding on JFIU filings based on all pertinent data; (b) retain review records; (c) guide on avoiding tipping-off.

Laws require reporting knowledge/suspicion of property as drug trafficking proceeds, punishable crimes, terrorist assets, or linked/intended uses — notify authorized officers ASAP (truncated).

Company staff spotting suspicious deals report straight to MLRO and CO immediately, feeding into formal channels.

MLRO/CO assess reasonable suspicion grounds; MLRO files STR promptly if warranted.

Pre-STR, apply SAFE:
Screen: Scan account for red flags — note indicators spotted.
Ask: Query client suitably.
Find: Dig into known details for suspicion verdict; review full transaction/CDD.
Assess: Weigh info — is it suspicious?

Per GAMLCFT 7.5, file STR immediately on suspicion, even sans transaction, or post-initial ID.

Send STRs via email/registered mail; MLRO phones JFIU. Secure e-channels; reliable hard-copy delivery:

STREAMS e-system

MLRO@visanex.io

STR details:

• Personal info (name, ID/passport, DOB, address, phone, account) of involved parties/companies;
• Suspicious activity specifics;
• Suspicion rationale — present indicators?

Keep STR rationale/assessments separate (COO/MLRO only); lock reports in “Confidential” folders. E-files/emails label “Confidential” top/header.

Record keeping

VISANEX LIMITED follows Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, maintaining:

• Complete audit trails for KYC/CDD/EDD on prospects (pre-onboard) and clients, incl. UBOs/fund transfer info;
• 5-year register of terminated clients/relationships due to info refusal;
• 5-year copies of client ID, beneficial owner ID, beneficiary ID, selfies, video streams/recordings/photos, onboarding data;
• 5-year e/paper business correspondence;
• 5-year transaction/execution data from operation dates;
• 5-year suspicious activity/transaction investigation logs.

Records must produce to authorities within 30 days of request, in accessible form.

Training Policy

VISANEX LIMITED runs routine AML/CFT sessions for staff via CO. Invite external govt/NGO trainers for seminars. CO ensures qualified, experienced AML pros relevant to business. Foster AML suspicious transaction culture per Chapter 5.

CO attends/monitors all sessions regardless, retaining records 3+ years min.

CO tracks arrivals/departures; sign-ins by attendees only, full ID names. Keep records 7 years min.

Absences from mandatory training notify line managers. No regulated work until completing lessons/tests.