FINDIGIT OÜ – Internal procedure rules and internal control rules

FINDIGIT OÜ (registry code 14828613)
INTERNAL PROCEDURE RULES AND INTERNAL CONTROL RULES
provider of a service of exchanging a virtual currency against a fiat currency
provider of a virtual currency wallet service
Compiled by: I. Nikiforov
Kalashnikov Õigusbüroo
Ilja@kalashnikov.ee
Tallinn
2019FINDIGIT OÜ

 

Click to Download full Document

 

INTERNAL PROCEDURE RULES AND INTERNAL CONTROL RULES
The rules of internal procedures, drawn up under the International Sanctions Act, have been
established for the application of international sanctions and for the application of the AntiMoney Laundering and the Combating Financing of Terrorism Act, and the internal control
rules have been established for their implementation.
1. GENERAL PROVISIONS
1. These rules establish internal security measures at the enterprise for the performance of
customer due diligence measures in order to establish control over compliance with the
requirements for the prevention of money laundering and terrorist financing and for the
disclosure of suspicious and unusual transactions.
2. The basis of these rules is the International Sanctions Act (IAS), the Anti-Money
Laundering and Combating Financing of Terrorism Act (AML/CFT) and the Directive
(EU) 2015/849 of the European Parliament and of the Council.
3. The purpose of these rules is to enhance the credibility and transparency of the business
environment in order to prevent the use of the financial system and economic space of
the Republic of Estonia for money laundering and terrorist financing.
4. These rules regulate and establish:
1) the basic principles of assessment, management and reduction of risks associated
with money laundering and financing of terrorism;
2) the procedure for applying customer due diligence measures in respect of the
customer, including the procedure for applying simplified or enhanced customer due
diligence measures;
3) responsibilities for data collection and related customer due diligence measures
related to the disclosure in respect of actual beneficial owner of legal entities;
4) guidance on how to effectively determine whether the case is with a person who is
connected with public authorities or with a person who is connected with local
authorities or with a person in respect of whom international sanctions are applied or
with a person, whose place of residence or location is inthe third country with the
high risk;
5) the order of data collection, their security and their accessibility;
6) models foridentificationof the customer and related risks;
7) methodology and guidance for determining if an obliged entity is suspected in
connection with money laundering and terrorist financing, or the case is with a
suspicious transaction or circumstances, as well as guidance on compliance with
notification requirements and procedures of reporting to the management;
28) the order of management and assessment of related risks in connection with the
available new technologies, services and products, including new or unconventional
sales channels or in connection with developing technologies;
9) collection of information on account holders and the duties related to the disclosure.
5. The provisions of the procedural rules apply to all transactions related to business relations
and with customers, including transactions that are concluded with the help of agents,
and in the manner prescribed in the Anti-Money Laundering and Combating Financing
of Terrorism Act (hereinafter AML/CFT) when transferring commercial activities to a
third party.
6. Responsible person of the legal entity is the management board, responsible person of the
branch is the branch manager, or in case of their absence, the obliged entity should
provide the employees whose responsibilities include the establishment of partnerships
or transactions, for the fulfillment of obligations arising from this Act, due vocational
training, which should continue after the employee starts execution of mentioned above
responsibilities and after on a regular basis or when necessary. In the course of training,
among other things, information should be provided on the envisaged procedural rules,
on modern methods of money laundering and the financing of terrorism and on the risks
involved, on the requirements for the protection of personal data, on methods of
recognizing transactions that may be related to money laundering and financing
terrorism, and guidelines for action in such situations.
7. The management board of the enterprise is obliged to familiarize with these rules and with
its applications all employees when applying for a job and in the future as necessary, but
not less than once a year.
8. Employees of the enterprise and the management board are required to confirm with the
signature their acquaintance with this code.
9. Employees of the enterprise and the management board are personally responsible for
compliance with the requirements of the AML/CFT in a manner prescribed by law.
10. The timeliness of this treatment is checked and supplemented on a regular basis, but not
less than once a year.
11.Employees of the enterprise are required to know and strictly adhere to the provisions of
the AML/CFT, as well as guidance on identifying signs of money laundering and
terrorist financing in transactions, drawn up by the Financial Intelligence Unit, and
based on the requirements of this code.
12.Employees of the enterprise should independently familiarize themselves with laws and
other legal acts that are published on the Financial Intelligence Unit’s website
http://www.politsei.ee/et/organisatsioon/rahapesu/ at least once a year.
13.Obliged entities shall co-operate with each other and with government supervisory
authorities, as well as with law enforcement agencies to prevent money laundering and
terrorist financing, including the provision of information at their disposal and
3responding to requests within a reasonable time, following prescribed requirements and
adhering to the restrictions that are prescribed in legal acts.
2. DEFINITIONS
2.1.Money laundering – property obtained through criminal activity or obtaining property for
participation in criminal activities:
1) conversion of property or transfer of property if it is known that such property was
obtained as a result of criminal activity or with participation in it, in order to conceal
the illegal origin of property or to assist a person participating in criminal activity so
that it evades the legal consequences of its actions;
2) acquisition, possession or use if, upon receipt, it has become known that it was
obtained through criminal means or with participation in a crime;
3) the concealment or disguise of the true nature, origin, location, manner of disposal,
rearrangement or concealment of property rights, or concealment of other rights
related to property, or if it became known that such property was obtained as a result
of criminal activity or with participation in a crime;
4) money laundering is a participation in the activity specified in section 2.1.1,
connectionto that, in an attempt to participate in it and in every way to facilitate and
incite or provide favorable conditions or advise;
5) money laundering is regarded as such also in case where a criminal activity which
generated the property to be laundered was carried out in the territory of another
country;
6) money laundering is regarded as such also where the details of a criminal activity
which generated the property to be laundered have not been identified.
2.2.Financing of terrorism and financing activities for its commission is a terrorist illegal act
in the sense of 237³ Penal Code.
The Financial Intelligence Unit – the Money Laundering Information Bureau is an
independent structural subdivision of the Police and Border Guard Department, which
oversees and whose main task is to suppress the financing of money laundering and
terrorism in Estonia. Applies state coercion on the basis and in the manner prescribed by
law. Address: Tööstuse 52, 10416 Tallinn; e-mail: rahapesu@politsei.ee; phone (+372)
612 3840; fax: (+372) 612 3845.
2.3.Cash means cash within the meaning of Article 2(2) of Regulation (EC) No 1889/2005 of
the European Parliament and of the Council on controls of cash entering or leaving the
Community (OJ L 309, 25.11.2005, pp 9–12).
2.4.Property means any object as well as the right of ownership of such object or a document
certifying the rights related to the object, including an electronic document, and the
benefit received from such objekt.
2.5.Obliged entity means a person specified in § 2 of the AML/CFT, including economic,
vocational and professional activities of the following persons:
41) credit institutions;
2) financial institutions;
3) gambling operators, except for organisers of commercial lotteries;
4) persons who mediate transactions involving the acquisition or the right of use of real
estate; traders within the meaning of the Trading Act, where a cash payment of no
less than EUR 10 000 or an equal amount in another currency is made to or by the
trader, regardless of whether the financial obligation is performed in the transaction
in a lump sum or by way of several linked payments over a period of up to one year,
unless otherwise provided by law;
5) persons engaged in buying-in or wholesale of precious metals, precious metal articles or
precious stones, except precious metals and precious metal articles used for production,
scientific or medical purposes;
6) auditors and providers of accounting services;
7) providers of accounting or tax advice services;
8) providers of trust and company services;
9) providers of a service of exchanging a virtual currency against a fiat currency;
10) providers of a virtual currency wallet service;
11) a central securities depository where it arranges the opening of securities accounts and
provides services related to register entries without the mediation of an account
operator;
12) undertakings providing a cross-border cash and securities transportation service;
13) pawnbrokers.
2.6.Business relationship means a relationship that is established upon conclusion of a longterm contract by an obliged entity in economic or professional activities for the purpose
of provision of a service or sale of goods or distribution thereof in another manner or
that is not based on a long-term contract, but whereby a certain duration could be
reasonably expected at the time of establishment of the contact and during which the
obliged entity repeatedly makes separate transactions in the course of economic or
professional activities while providing a service or professional service, performing
professional acts or offering goodis.
2.7.Customer means a person who has a business relationship with an obliged entity.
2.8.Precious stones means natural and artificial precious stones and semi-precious stones,
their powder and dust, and natural and cultivated pearls.
2.9.Precious metal means precious metal within the meaning of the Precious Metal Articles
Act.
2.10.Precious metal article means a precious metal article within the meaning of the
Precious Metal Articles Act.
2.11.Virtual currency means a value represented in the digital form, which is digitally
transferable, preservable or tradable and which natural persons or legal persons accept
as a payment instrument, but that is not the legal tender of any country or funds for the
5purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and
of the Council on payment services in the internal market, amending Directives
2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and
repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment
transaction for the purposes of points (k) and (l) of Article 3 of the same Directive.
2.12.Virtual currency wallet service means a service in the framework of which keys are
generated for customers or customers’ encrypted keys are kept, which can be used for
the purpose of keeping, storing and transferring virtual currencies.
2.13.Senior management of obliged entity means an officer or employee with sufficient
knowledge of the institution’s money laundering and terrorist financing risk exposure
and sufficient seniority to take decisions affecting its risk exposure, and need not, in all
cases, be a member of the management board.
2.14.Foreign exchange services means the exchanging of a valid currency against another
valid currency by an undertaking in its economic or professional activities.
2.15.Group means a group of undertakings which consists of a parent undertaking, its
subsidiaries within the meaning of § 6 of the Commercial Code, and the entities in
which the parent undertaking or its subsidiaries hold a participation, as well as
undertakings that constitute a consolidation group for the purposes of subsection 3 of §
27 of the Accounting Act;
2.16.High-risk third country means a country specified in a delegated act adopted on the
basis of Article 9(2) of Directive (EU) 2015/849 of the European Parliament and of the
Council on the prevention of the use of the financial system for the purposes of money
laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the
European Parliament and of the Council, and repealing Directive 2005/60/EC of the
European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L
141/73, 05.06.2015, pp 73–117).
2.17.A contact person is an employee who is appointed by decision of the management board
and who is the contact person of the Financial Intelligence Unit and regulates the
implementation of established methods for preventing money laundering and terrorist
financing. If a specific contact person is not appointed by the decision of the
management board, in this case the duties of the contact person are performed by the
management board of the legal entity.
2.18.Seller means a natural person who serves customers on behalf of a trader, or a person
who sells goods or provides services outside the economic or professional activities
thereof by way of street or market trading.
3. NATIONAL RISK ASSESSMENT
3.1.National risk assessment:
1) it is envisaged to develop legal acts to prevent money laundering and terrorist
financing and cover other areas and regulation with related areas, as well as the
6development of guidance for supervisory institutions and the need for their
modification;
2) specifies, among other things, the sectors, fields, transaction amounts and types and,
where necessary, countries or jurisdictions with regard to which obliged entities must
apply enhanced due diligence measures and, where necessary, clarifies the measures;
3) specifies, among other things, the sectors, fields, transaction amounts and types
whereby the risk of money laundering and terrorist financing is smaller and where it
is possible to apply simplified due diligence measure;
4) gives instructions to the ministries and authorities in their area of government
regarding allocation of resources and setting of priorities for AML/CFT purposes.
3.2.Upon implementation of national risk assessment, relevant information, statistics and
analyses which have been published or made available to the ministries or authorities in
their area of government, including relevant risk assessments, reports and
recommendations of international organisations and the European Commission are
taken into account and collected, thereby taking account of data protection
requirements.
3.3.The generalized results of the national risk assessment are published on the website of the
Ministry of Finance and immediately made available to obliged entities, the European
Commission, European supervisory authorities and other Member States of the
European Union.
3.4.Based on the national risk assessment, the minister responsible for the field may by a
regulation establish limit amounts, requirements for monitoring a business relationship
or other risk-based restrictions aimed at mitigating the risks of money laundering or
terrorist financing.
4. MANAGING RISKS ARISING FROM THE ACTIVITIES OF THE OBLIGED
ENTITY
4.1. For the purpose of identification, assessment and analysis of risks of money laundering
and terrorist financing related to their activities, obliged entities prepare a risk
assessment, taking account of at least the following risk categories:
1) risks relating to customers;
2) risks relating to countries, geographic areas or jurisdictions;
3) risks relating to products, services or transactions;
4) risk relating to communication, mediation or products, services, transactions or
delivery channels between the obliged entity and customers.
4.2.The steps taken to identify, assess and analyse risks must be proportionate to the nature,
size and level of complexity of the economic and professional activities of the obliged
entity.
4.3.As a result of the risk assessment, the obliged entity establishes:
1) fields of a lower and higher risk of money laundering and terrorist financing;
7 2) the risk appetite, including the volume and scope of products and services provided
in the course of business activities;
3) the risk management model, including simplified and enhanced due diligence
measures, in order to mitigate identified risks.
4.4.Risk appetite means the total of the exposure level and types of the obliged entity, which
the obliged entity is prepared to assume for the purpose of its economic activities and
attainment of its strategic goals, and which is established by the senior management of
the obliged entity in writing. When applying the above, one should also take into
account the risk that the obliged entity is ready to accept or that it wishes to avoid in
connection with its commercial activities and with qualitative and quantitative
mechanisms such as planned income, capital or other methods used by other liquid
funds, or other circumstances, such as reputational risks and money laundering and
terrorist financing, or legal and other risks associated with unethical activities.
4.5.When applying Risk appetite to the risk, the obliged entity must at least determine those
of the customer’s characteristics which should be to avoided in business relations and,
in the presence of which, it would be necessary to apply the increased customer due
diligence measures, including those when the obliged entity has to assess the risks
associated with this customer and appoint the appropriate methods to reduce these risks.
4.6.The risk assessment and the establishment of the risk appetite must be documented, the
documents are to be updated where necessary and based on the published results of the
national risk assessment. At the request of the competent supervisory authority, the
obliged entity submits the documents to the supervisory authority.
4.7.When applying the AML/CFT it is expected that an obliged entity that is the parent
undertaking of a group applies group-wide rules of procedure and the internal control
rules for controlling adherence thereto regardless of whether all the undertakings of the
group are located in one country or in different countries. This obligation includes, inter
alia, the establishment of a group-wide procedure for exchanging information on of the
AML/CFT and the establishment of similar rules for protection of personal data. The
obliged entity ensures that group-wide rules of procedure and the internal control rules
for controlling adherence thereto take to the appropriate extent account of the law of
another Member State of the European Union which implements Directive (EU)
2015/849 of the European Parliament and of the Council, where the obliged entity has a
representation, branch or majority-owned subsidiary in that Member State.
4.8.Where the obliged entity has a representation, branch or majority-owned subsidiary in a
third country where the minimum requirements for AML/CFT are not equivalent to
those of Directive (EU) 2015/849 of the European Parliament and of the Council, the
representation, branch and majority-owned subsidiary follow the rules of procedure and
internal control rules complying with the requirements of this Act, including the
requirements for protection of personal data, to the extent permitted by the law of the
third country.
84.9.Where the obliged entity identifies a situation where the law of the third country does not
allow for implementing rules of procedure or internal control rules complying with the
requirements of the AML/CFT in its representation, branch or majority-owned
subsidiary, the obliged entity informs the competent supervisory authority thereof. The
competent supervisory authority notifies the Member States and, where relevant, the
European supervisory authorities where it has become evident in accordance with the
first sentence of this subsection that the law of the third country does not allow for
applying rules of procedure or internal control rules complying with the requirements of
Directive (EU) 2015/849 of the European Parliament and of the Council. In the case
specified in this section, the obliged entity ensures the application of additional
measures in the representation, branch or majority-owned subsidiary so that the risks
relating to money laundering or terrorist financing are effectively managed in another
manner, informing the competent supervisory authority of the measures taken. In such
an event the competent supervisory authority has the right to issue a precept demanding,
inter alia, that the obliged entity or its representation, branch or majority-owned
subsidiary:
1) refrain from establishing new business relationships in the country;
2) terminate the existing business relationships in the country;
3) suspend the provision of the service in part or in full;
4) wind itself up;
5) apply other measures provided for in regulatory technical standards adopted by
the European Commission on the basis of Article 45(7) of Directive (EU) 2015/849
of the European Parliament and of the Council.
4.10.Within the group, information on a suspicion reported to the Financial Intelligence Unit
may be shared, unless the Financial Intelligence Unit has ordered otherwise.
4.11.Where a foreign service provider is an obliged entity and has a branch that has been
registered in the Estonian commercial register or where a foreign service provider has a
majority-owned subsidiary, it does not need to apply the group-wide rules of procedure
or internal control rules to the extent that adherence thereto would be in conflict with
the national risk assessment prepared on the basis of the AML/CFT or with
requirements established in or on the basis of the AML/CFT.
5. CUSTOMER DUE DILIGENCE MEASURES
5.1.It is necessary to pay special attention to the person involved in the transaction or to the
customer’s activities and circumstances that indicate money laundering or the financing
of terrorism, or to the obvious connection with money laundering or terrorist financing,
including a complex transaction of a large volume, as well as an unusual transaction that
does not have a specific financial purpose.
5.2.Thefollowing methods of due diligence are applied to customers:
1) identification of a customer or a person participating in an occasional transaction
9and verification of the submitted information based on information obtained from a
reliable and independent source, including using means of electronic identification and
of trust services for electronic transactions;
2) identification and verification of a customer or a person participating in an
occasional transaction and their right of representation;
3) identification of the beneficial owner and, for the purpose of verifying their identity,
taking measures to the extent that allows the obliged entity to make certain that it knows
who the beneficial owner is, and understands the ownership and control structure of the
customer or of the person participating in an occasional transaction;
4) understanding of business relationships, an occasional transaction or act and, where
relevant, gathering information thereon;
5) gathering information on whether a person is a politically exposed person, their
family member or a person known to be close associate;
6) monitoring of a business relationship.
5.3.Upon implementation of subsection 5.2 of this section, the obliged entity must understand
the purpose of the business relationship or the purpose of the occasional transaction,
identifying, inter alia, the permanent seat, place of business or place of residence,
profession or field of activity, main contracting partners, payment habits and, in the case
of a legal person, also the experience of the customer or person participating in the
occasional transaction.
5.4.In the case of an occasional transaction made outside of a business relationship, the
obliged entity gathers information on the origin of the property used in the transaction,
instead of applying clause 4 of subsection 5.2 of this section.
5.5.A person participating in a transaction made in economic or professional activities, a
person participating in a professional act or a person using a professional service or a
customer submits, at the request of the obliged entity, documents required for
application of the due diligence measures specified in clauses 1–4 of the subsection 5.2
of this section and provides relevant information. A person participating in a transaction
made in economic or professional activities, a person participating in a professional act
or a person using a professional service or a customer certifies by signature, at the
request of the obliged entity, the correctness of the submitted information and
documents submitted for the application of the due diligence measures.
5.6.The due diligence measures specified in clauses 1-5 of subsection 5.2 of this section must
be applied before the conclusion of the transaction, before and outside the
partnership.
5.7.The identity of a customer or of the customer’s representative may beverified on the
basis of information obtained from a credible and independent source also at the time of
establishment of the business relationship, provided that it is necessary for not
disturbing the ordinary course of business. In such an event the verification of identity
must be carried out as quickly as possible and before the taking of binding measures..
105.8.The obliged entity may choose the extent of performance of the duty and the need to
verify the information and data used therefore with the help of a credible and
independent source.
5.9.Due diligence measures to the business relationship may be applied in a simplified
manner in accordance with the simplified procedure, provided that a factor
characterising a lower risk has been established and ay least the following criteria are
met:
1) a long-term contract has been concluded with the customer in writing, electronically
or in a form reproducible in writing;
2) payments accrue to the obliged entity in the framework of the business relationship
only via an account held in a credit institution or the branch of a foreign credit
institution registered in the Estonian commercial register or in a credit institution
established or having its place of business in a contracting state of the European
Economic Area Agreement or in a country that applies requirements equal to those of
Directive (EU) 2015/849 of the European Parliament and of the Council;
3) the total value of incoming and outgoing payments in transactions made in the
framework of the business relationship does not exceed EUR 15 000 a year.
6. SIMPLIFIED CUSTOMER DUE DILIGENCE MEASURES
6.1.The obliged entity may apply simplified customer due diligence measures where a in the
risk assessment prepared on the basis of the risk analysis, which is compiled by the
obliged person, it is established that, in the case of the economic or professional activity,
field or circumstances, the risk of money laundering or terrorist financing is lower than
usual.
6.2.Before the application of simplified customer due diligence measures to a customer, the
obliged entity establishes that the business relationship, transaction or act is of a lower
risk.
6.3.The application of simplified customer due diligence measures is permitted to the extent
that the obliged entity ensures sufficient monitoring of transactions, acts and business
relationships, so that it would be possible to identify unusual transactions and allow for
notifying of suspicious transactions in accordance with the procedure established in §
49 of the AML/CFT.
7. ENHANCED CUSTOMER DUE DILIGENCE MEASURES
7.1.The obliged entity applies enhanced customer due diligence measures in order to
adequately manage and mitigate a higher-than-usual risk of money laundering and
terrorist financing.
7.2.Enhanced customer due diligence measures are applied always when:
1) upon identification of a person or verification of submitted information, there are
doubts as to the truthfulness of the submitted data, authenticity of the documents or
11identification of the beneficial owner;
2) the customer is a politically exposed person, except for a local politically exposed
person, their family member or a close associate;
3) the customer is from a high-risk third country or their place of residence or seat or
the seat of the payment service provider of the payee is in a high-risk third country;
4) the customer or the person participating in the transaction is from such country or
territory or their place of residence or seat or the seat of the payment service provider of
the payee is in a country or territory that, according to credible sources such as mutual
evaluations, reports or published follow-up reports, has not established effective AML/
CFT systems that are in accordance with the recommendations of the Financial Action
Task Force, or that is considered a low tax rate territory.
7.3.The obliged entity applies enhanced customer due diligence measures also where a risk
assessment prepared on the basis the AML/CFT identifies that, in the case of the
economic or professional activity, field or factors, the risk of money laundering or
terrorist financing is higher than usual.
7.4.Enhanced customer due diligence measures do not need to be applied regarding the
branch of an obliged entity established in a contracting state of the European Economic
Area or a majority-owned subsidiary seated in a high-risk third country, provided that
the branch and the majority-owned subsidiary fully comply with the group-wide
procedures and the obliged entity assesses that the waiver to apply enhanced customer
due diligence measures does not entail major additional risks of money laundering and
terrorist financing.
8. ADDITIONAL CUSTOMER DUE DILIGENCE MEANSURES
8.1.The obliged entity chooses additional customer due diligence measures in order to manage
and mitigate an established risk of money laundering and terrorist financing that is
higher than usual, choosing at own discretion toapply one or several of the following
due diligence measures:
1) verification of information additionally submitted upon identification of the person
based on additional documents, data or information originating from a credible and
independent source;
2) gathering additional information on the purpose and nature of the business
relationship, transaction or operation and verifying the submitted information based on
additional documents, data or information that originates from a reliable and
independent source;
3) gathering additional information and documents regarding the actual execution of
transactions made in the business relationship in order to rule out the ostensibility of the
transactions;
4) gathering additional information and documents for the purpose of identifying the
source and origin of the funds used in a transaction made in the business relationship in
12order to rule out the ostensibility of the transactions;
5) the making of the first payment related to a transaction via an account that has been
opened in the name of the person or customer participating in the transaction in a credit
institution registered or having its place of business in a contracting state of the
European Economic Area or in a country where requirements equal to those of Directive
(EU) 2015/849 of the European Parliament and of the Council are in force;
6) the application of due diligence measures regarding the person or their
representative while being at the same place as the person or their representative.
8.2. Upon application of enhanced customer due diligence measures, the obliged entity must
apply the monitoring of a business relationship more frequently than usually; including
reassess the customer’s risk profile not later than six months after the establishment of
the business relationship.
9. GENERAL PRINCIPLES FOR VERIFICATION OF CUSTOMER’S IDENTITY
9.1.The client confirms the submitted information with his own signature.
9.2.When establishing partnership agreements with a natural person who is a permanent
resident in Estonia or a in a contracting state of the European Economic Area
Agreement, it is possible to follew a simplified procedure for identification.
9.3.Prior to establishing a partnership with a politically exposed person, with family members
of a politically exposed person or with close associates of a politically exposed person,
the employee should receive a permission from the management board, which decides
the feasibility of establishing customer relationship and provides the due guidance for
further tracking of customer relationship.
9.4.Prior to establishing a partnership with a legal entity where the actual beneficial owner is
connected with a politically exposed person, with family members of a politically
exposed person or with close associates of a politically exposed person that operates on
the territory of a contracting state of the European Economic Area Agreement or of a
third country, the employee should receive a permission from the management board,
which decides the feasibility of establishing customer relationship and provides the due
guidance for further tracking of customer relationship.
9.5.Prior to establishing a partnership with a politically exposed person, whose location is the
third country with a high risk, where institutions have not adopted sufficient methods to
prevent money laundering and terrorist financing, or this country does not cooperate
with other countries in the field of preventing money laundering and terrorist financing,
the employee should receive a permission from the management board, which decides
the feasibility of establishing customer relationship and provides the due guidance for
further tracking of customer relationship.
9.6.Prior to establishing a partnership with a legal entity in respect of whose activities, or in
respect of person who formally represents them or in the case of an actual beneficial
owner, there is a prior suspicion that the above-mentioned persons may be associated
with money laundering or financing of terrorism, the employee should receive a
13permission from the management board, which decides the feasibility of establishing
customer relationship and provides the due guidance for further tracking of customer
relationship.
9.7.When at establishing the identity of a customer a justifiable suspicion arises that it does
not act on its own behalf or at its own expense, the employee should establishes the
identity of the person on whose behalf or at whose expense the customer acts.
9.8.If the identity of a person, on behalf of whom, or at whose expense the other person acts,
cannot be established, in this case the employee is prohibited from making a
transaction. Also, the employee must immediately inform the Financial Intelligence
Unit of the intention of the person to make the transaction or about the transaction that
has already taken place.
9.9.Before providing the primary use of the offered service or establishing a partnership it is
preferable to establish the identity of the customer, being with him physically in the
same place.
9.10.When at establishing the customer’s identity a suspicion arises, an employee must ask
for an additional identity document, in which there is a photograph, based on which it is
possible to ensure the correct identification. In case of suspicion for document forgery
signs, it is recommended to keep it, call for police assistance and pass a document that
caused suspicion to a police officer.Use the assistance of a security officer or another
personwhen possible. It is necessary to file a report to the Financial Intelligence Unit on
this case.
10.IDENTIFICATION OF TRANSACTIONS AND CUSTOMER RELATIONSHIP
10.1.The obliged entity’s employee applies the following procedural rules every time prior to
the transaction with the customer or the establishment of business relationship.
10.2.The obliged entity’s employee clarifies the purpose and nature of the transaction and the
establishment of business relationship.
10.3.The obliged entity’s employees are prohibited from making a transaction and signing an
agreement with a customer who refuses to provide the data specified in the previous
section, as well as with a customer for whom the employee has a suspicion that he may
be a front man; if the customer does not provide the required documents and necessary
information or if on the basis of the submitted documents the employee suspects that the
case may be with money laundering or with the financing of terrorism.
10.4.The contact person of the Financial Intelligence Unit (the management board) should be
informed immediately about the cases referred to in section 10.3, and as much data in
the part of the customer, based on which will it be possible to establish the customer’s
identity the later on, must be secured.
11.NATURAL PERSON’S IDENTITY VERIFICATION
1411.1.The obliged entity’s employee establishes the customer’s identity and, if necessary, the
customer’s representative identity, and also the following information in respect of the
customer’s and, if necessary, the customer’s representative, must be secured:
1) name and surname;
2) personal identification code, in case of it’s absence, date of birth and place of birth,
as well as the place of residence or location;
3) information on how to determine and verify the right of representation and its scope,
also in case when the right of representation does not arise from the law, then the
name of the document that is the basis for the right of representation, the date of its
issue and the name of the entity that issued it.
11.2.The obliged entity’s employee verifies the correctness of the data specified in clauses 1,
2, 3 of section 11.1 using information from an independent and reliable source. In the
event that the identifiable person has a document specified in clause 3 section 11.1, or
equivalent document and the customer’s identity is established and verified on the basis
of this document, or is established on the basis of electronic identification, or on the
basis of electronic transactions, using the proven tools, the term of validity of which is
established on the basis of these documents, then in this case there is no need to secure
the additional information in respect to these documents.
11.3.The employee makes a copy of the page on which the personal data is indicated and
there is a photograph, and a copy shall be signed and dated by the person who made the
copy.
11.4.Proceeding from the part 2 of § 2 and the part 4 of § 4 of the Identity Documents Act, the
following effective documents are allowed to be used as the basis for the natural
person’s identity verification:
1) identity card;
2) digital identity card;
3) residence permit card;
4) passport of an Estonian citizen;
5) diplomatic passport;
6) the seaman’s service book;
7) alien’s passport;
8) temporary travel document;
9) refugee travel document;
10) a maritime certificate;
11) return sertificate;
12) refundation license;
13) driver’s license issued in the Republic of Estonia;
14) driver’s license issued in a foreign country, if the owner’s name, a photograph or
facial image, signature or facsimile of the signature and date of birth or personal
identification code are indicated in the document;
1515) travel document issued in a foreign country.
11.5.If the original document specified in clause 11.4 of this code cannot be seen, a notarized
copy of the document and also notarized or officially certified copy of the document or
the information from other independent and reliable sources, including the means of
electronic identification and through electronic transactions, using in this case, the data
control at least two different sources can be used in order to verify the identity.
12.LEGAL ENTITY’S IDENTIFICATION
12.1.In order to identify the legal entity, the submitted documents must contain:
1) the name or business name of the legal person;
2) the registry code or registration number and the date of registration;
3) the names of the director, members of the management board or other body
replacing the management board, and their authorisation in representing the legal
person;
4) the details of the telecommunications of the legal persoon.
12.2.The obliged entity’s employeeverifies the correctness of the data specified inclauses 1
and 2 of section 12.1 of this part, using information originating from a credible and
independent source for that purpose. Where the obliged entity has access to the
commercial register, register of non-profit associations and foundations or the data of
the relevant registers of a foreign country, the submission of the documents specified in
subsection 3 of this section does not need to be demanded from the customer.
12.3.The following effective documents are allowed to be used as the basis for the legal
entity’s identity verification:
1) extract from the registration card of the relevant register or from the registration
certificate or an equivalent document issued by the competent authority or institution
not earlier than six months prior the filing (in the case of a legal entity registered in
Estonia and a branch of a foreign commercial enterprise registered in Estonia);
2) extract from the registration card of the relevant register or from the registration
certificate or an equivalent document issued by the competent authority or institution
not earlier than six months prior the filing (in the case of a foreign legal entity).
12.4.Where the original document specified in clause12.3 of this partis not available, the
identity can be verified on the basis of a document specified in subsection 3, which has
been authenticated by a notary or certified by a notary or officially, or on the basis of
other information originating from a credible and independent source, including means
of electronic identification and trust services for electronic transactions, thereby using at
least two different sources for verification of data in such an event.
12.5. A representative of a legal person of a foreign country must, at the request of the obliged
entity, submit a document certifying his or her powers, which has been authenticated by
a notary or in accordance with an equal procedure and legalised or certified by a
16certificate replacing legalisation (apostille), unless otherwise provided for in an
international agreement.
13.ACTUAL BENEFICIAL OWNER IDENTIFICATION
13.1.When establishing a legal entity, the obliged entity must register the actual beneficial
owner of the legal entity. As a rule, it is assumed that the legal entity is represented by a
legal representative or a person having a power of attorney for representation. In respect
of powers of attorney and documents that were drawn up in foreign countries; it must be
taken into account that they must be legalized or apostilled. When dealing with a
document authorizing the rights of representation, it is necessary to clarify the fact
whether the entity who issued the document had the authority to do so. The
representative of the legal entity is expected to have knowledge of economic or
professional activities, the purpose of the transaction, business partners, sources and
origin of the funds used, the range of owners and other knowledge.
13.2.Beneficial owner means a natural person who, taking advantage of their influence, makes
a transaction, act, action, operation or step or otherwise exercises control over a
transaction, act, action, operation or step or over another person and in whose interests
or favour or on whose account a transaction or act, action, operation or step is made.
In the case of companies, a beneficial owner is the natural person who ultimately owns
or controls a legal person through direct or indirect ownership of a sufficient percentage
of the shares or voting rights or ownership interest in that person, including through
bearer shareholdings, or through control via other means.
1) Direct ownership is a manner of exercising control whereby a natural person holds a
shareholding of 25 per cent plus one share or an ownership interest of more than 25
per cent in a company. Indirect ownership is a manner of exercising control whereby
a company which is under the control of a natural person holds or multiple
companies which are under the control of the same natural person hold a
shareholding of 25 per cent plus one share or an ownership interest of more than 25
per cent in a company.
2) Where, after all possible means of identification have been exhausted, the person
specified in this section of this part cannot be identified and there is no doubt that
such person exists or where there are doubts as to whether the identified person is a
beneficial owner, the natural person who holds the position of a senior managing
official is deemed as a beneficial owner.
3) The obliged entity may consider the actual beneficial owner also the person who
exercises control over the enterprise in another way, other than ownership interest of
more than 25 per cent in the said enterprise. This procedure develops when an
obliged entity has a suspicion that an overwhelming control over the enterprise is
being exercised by a third party, whose communication with the enterprise cannot be
legally proven or the proof is difficult. In this case, information should be required
17about their owners, partners and other persons who control the activities of the legal
entity or have any other significant influence.
4) In the case of a trust, civil law partnership, community or legal arrangement, the
beneficial owner is the natural person who ultimately controls the association via
direct or indirect ownership or otherwise and is such associations’: settlor or person
who has handed over property to the asset pool; trustee or manager or possessor of
the property; person ensuring and controlling the preservation of property, where
such person has been appointed, or the beneficiary, or where the beneficiary or
beneficiaries have yet to be determined, the class of persons in whose main interest
such association is set up or operates.
5) In the case of a person or an association of persons not specified in clauses 2 and 6 of
this section, a member or members of the management board may be designated as a
beneficial owner.
6) The obliged entity registers and keeps records of all actions taken in order to identify
the beneficial owner.
7) If this is the case with a commercial entity whose securities are traded on the
regulated securities market, then there is no need to establish the actual beneficial
owner of this commercial entity.
13.3.The information received from the representative of the legal entity shall be used in order
to determine the actual beneficial owner.
1) The obliged entity analyzes the documents submitted by the representative of the
legal entity and, if necessary, requests additional documents and data in order to
establish the legal beneficial owner (s) of the legal entity.
2) If the obliged entity has a suspicion about the accuracy or completeness of the
relevant information, then a thorough check of the information provided on open
accessible sources of information must be performed and, if necessary, the customer
should be requested to provide additional information.
3) If it is not clear from the documents on the basis of which the legal entity is being
established or from other documents provided, who is the actual beneficial owner,
then the relevant data has to be recorded from the words of the representative of the
legal entity or on the basis of a written document signed by him personally. It is
necessary to apply reasonable methods (to make inquiries in the appropriate
registers), to require the provision of an annual report of a legal entity or the
provision of other relevant documents, in order to verify the information received on
the basis of a document which was drawn up from the words or handwritten.
4) When determining the actual beneficial owner, it is necessary to pay primarily
attention to commercial entities that are established in a zone with low taxation, the
legal capacity of which is not always straightforward.
5) If another legal entity is related to the concept of the actual beneficial owner of a
controlled legal entity, then the obliged entity must assess the risks of the person or
18the customer and, in appropriate order, collect information in relation to another legal
entity related to this legal entity, in order to establish the actual beneficial owner.
13.4.Identification of the actual beneficial owner of a natural person:
1) when establishing a natural person’s identity, the obliged entity is required in the case
of suspicion to establish also the actual beneficial owner of a natural person in the
sense of identifying the person who controls the activity of the audited persoon;
2) asuspicion regarding the existence of the actual beneficial owner may appear
primarily if, in applying the customer due diligence measures, the obliged entity has
a suspicion that the natural person was inclined to create a business relationship or to
conduct a transaction. In this case, it is necessary to consider that entity which
controls a natural person is the actual beneficial owner of a natural person.
14.POLITICALLY EXPOSED PERSON IDENTIFICATION
14.1.A politically exposed person is an individual who performs the duties of public authority
or performs significant duties of public authority, including the president of the
republic, the head of government, the minister or deputy minister or minister’s assistant,
a member of parliament or a member of a state body similar to the parliament, a
member of the state court or the suprem court, the state controller and a member of the
central bank’s management board, the ambassador, the charge d’affaires and the senior
officer of the defense forces, the management board member of the state, a member of
the administrative or supervisory authority, the head of an international organization, a
deputy head and a member of the management, or a person who performs the same
functions but does not have an official secondary or lower status level.
1) A person politically connected with local authorities is the person specified in clause
14.1 that performs or performed significant public authority duties in Estonia, in
other countries which are the contracting states of the European Economic Area
Agreement or in the European Union’ institutions.
2) A member of the family of a politically exposed person at the state level or a
politically exposed person at the local level is a spouse of a person or person who is
considered to be a spouse of a politically exposed person at the state level or a
politically exposed person at the local level, a child of a politically exposed person at
the state level or a politically exposed person of the local level or spouse of a child of
a politically exposed person at the state level or a politically exposed person at the
local level or a person who is considered to be a spouse of a child of a politically
exposed person at the state level or a politically exposed person at the local level, and
a parent of a politically exposed person at the state level or a politically exposed
person at the local level.
3) The close associate is an individual with respect to whom it is known that he or she
is in relation to a legal entity or legal structure and he or she is the actual beneficial
owner or co-owner together with a politically exposed person at the state level or
19with a politically exposedperson at the local level or has close business relations with
a politically exposed person at the state level or with a politically exposed person at
the local level and an individual who is the only actual beneficial owneror of such
legal entity’s legal framework in respect of which it is known that it is indeed
established by a politically exposed person at the national level or in favor of a
politically exposed person at the local level.
14.2.In a situation where an economic or professional transaction or a participant in the
performance of an official act, the customer or their actual beneficial owner is a
politically exposed person of national level, a member of the family of a politically
exposed person of national level, or a person who is a close associate of a politically
exposed person of national level, then the obliged person applies the following customer
due diligence measures:
1) receives approval from senior management to establish a partnership or to continue
business relationships with that person;
2) applies methods of customer due diligens measures in order to establish the origin of
thematerial wealth and the sources of funds that are used in partnerships or that are
used for the transaction;
3) monitors these partnerships in an enhanced manner of customer due diligence and
conducts regular enhanced monitoring, with the exception of cases specified in legal
acts.
14.3.If a politically exposed person of state level no longer fulfills the public duties entrusted
to him or her, then the obliged entity, for at least 12 months, must take into account the
risks that have been associated with the person in question and apply the necessary and
risk-based methods untilit is sure that the risks inherent in a politically exposed person
of national level no longer arise.
14.4.The obliged entity may not apply the methods of customer due diligence described in
this part to a politically exposed person of national level, to members of his or her
family and to persons who are considered his or her close associates, if there are no
other circumstances indicating the presence of other, higher than usual risks.
14.5.The obliged entity should establish the internal procedural rules on the basis of which the
decision shall be made whether the potential customer or the actual beneficial owner of
the customer is a politically exposed person of state level, a politically exposed person
of local level of a county which is the contracting state of the European Economic Area
Agreement or of a third country or who performs or performed the public duties
assigned to him or her in international organizations. The obliged entity should establish
the close associates of a politically exposed person of state level and members of his or
her family only if their connection with the executor of important public duties is
known to the public or when the obliged entity has reason to believe that such a
relationship exists.
2014.6.The obliged entity must apply the enhanced customer due diligence measures in addition
to the necessary methods of customer due diligence with regard to a politically exposed
person of state level including the following methods:
1) require the additional information from the customer, as well as to applyall necessary
methods in order to establish sources of wealth and money that are used to establish
business relationships or when conducting a transaction;
2) verify data or make inquiries to the relevant databases or open databases or make
inquiries or verify data with respect to the customer, or to the appropriate supervisory
authorities at the customer’s location or on official websites of government agencies.
The following data should be checked primarily:
• a politically exposed person of local level can be checked on the website of thee
the Financial Intelligence Unit: https://www.politsei.ee/et/organisatsioon/
rahapesu/kasulikku/;
• a foreign politically exposed person of national level can be identified using the
NameScan database: https://namescan.io/FreePEPCheck.aspx., which has a free
access, or in any paid database (for example, Thomson Reuters, MemberCheck
and others);
• while checking a politically exposed person of local level, as well as a
politically exposed person of national level, it is necessary to perform an
additional check up using Google, and also using local search systems in the
country of origin of the customer, by entering the customer’s name and date of
birth both in Latin letters and using the locallanguage.
14.7.The decision to establish a business relationship with a politically exposed person of
national level must be taken by the management board of the obliged entity, the
responsible member of the management board or the contact person. If a business
relationship is established with the customer that will become later on or later it will
becomes known that he or she or actual beneficial owner has become a politically
important person of state level in the understanding of this guidance, then it is necessary
to inform the management board, the responsible member of the management board or
the contact person.
15.HIGH RISK THIRD COUNTRY ACTING PERSON
15.1.The high risk country is the third country which, on the basis of the Directive (EU)
2015/849 of the European Parliament and of the Council, that regulates the
counteraction to money laundering and the financing of terrorism of the financial
system and which amends the Resolution (EU) 648/2012 of the European Parliament
and of the Council and recognizes invalid, and the Directive (EU) 2005/60/EU of the
European Parliament and of the Council and Commission Directive (EU) 2006/70/EU
(EU page 141, 05.06.2015, pages 73-117), section 9 part 2, high risk countries are listed
(Annex 14) on the basis of these adopted acts.
2115.2.High risk third countries include: Afghanistan, Bosnia and Herzegovina, Guyana, Iraq,
Lao People’s Democratic Republic, Syria, Uganda, Vanuatu, Yemen, Iran and North
Korea.
15.3.If an obliged entity in the commercial or professional activity in the course of a
transaction or in the performance of an official act interacts with the participating entity,
with a customer, in whose respect an official action is carried out, or with a customer
from a high risk third country, then the following customer due diligence measures
should be applied:
1) collection of additional information concerning the customer and the actual
beneficial owner;
2) collection of additional information regarding the content of the planned transaction;
3) collection of information regarding the origin of funds and the wealth of the
customer and the actual beneficial owner;
4) collection of information regarding the reasons for planned or concluded
transactions;
5) obtaining permission from senior management to establish partnerships or to
continue them;
6) to intensify the monitoring of business relationship by increasing the number and
frequency of control methods applied and selecting the parameters of transactions
subject to additional verification.
15.4.In addition to the above, the obliged person may oblige the customer and require from
the customer at the moment of making payments from the account of the customer
whose location is in a contracting state of the European Economic Area Agreement, to
apply the same measures that apply to credit institutions of third countries on the basis
of the Directive (EU) 2015/849 of the European Parliament and of the Council.
16.MONITORING BUSINESS RELATIONSHIP
16.1.The obliged entity establishes principles for monitoring a business relationship
established in economic or professional activities (hereinafter monitoring business
relationship) according to the rules of internal proceduresand internal control rules.
16.2.Monitoring business relationship must include at least the following:
1) checking of transactions made in a business relationship in order to ensure that the
transactions are in concent with the obliged entity’s knowledge of the customer,
customer’s activities and customer’s risk profile;
2) regular updating of relevant documents, data or information gathered in the course
of application of customer due diligence measures;
3) identifying the source and origin of the funds used in a transaction;
4) in economic or professional activities, paying more attention to transactions made in
the business relationship, the activities of the customer and circumstances that refer
to a criminal activity, money laundering or terrorist financing or that a likely to be
22linked with money laundering or terrorist financing, including to complex, highvalue and unusual transactions and transaction patterns that do not have a reasonable
or visible economic or lawful purpose or that are not typicalfor the given business
specifics. In the performance of these duties, it is necessary to ascertain the presence
of these transactions, the reason and the background, as well as other information to
understand the meaning and content of transactions, and to pay more attention to
these transactions;
5) in economic or professional activities, paying more attention to the business
relationship or transaction whereby the customer is from a high-risk third country or
a country or jurisdiction specified in subsection 4 of § 37 of the AML/CFT or
whereby the customer is a citizen of such country or whereby the customer’s place of
residence or seat or the seat of the payment service provider of the payee is in such
country or jurisdiction.
17.DATA REGISTRATION, VERIFICATION AND STORAGE
17.1.The obliged entity registers the transaction date or period and a description of the
substance of the transaction. In addition, the obligedentity registers:
1) information on the circumstances of the obliged entity’s refusal to establish a
business relationship or make an occasional transaction;
2) the circumstances of a waiver to establish a business relationship or make a
transaction, including. an occasional transaction, on the initiative of a person
participating in the transaction or professional act, a person using the official service
or a customer where the waiver is related to the obliged entity’sapplication of
customer due diligence measures;
3) information according to which it is not possible to take the customer due
diligence measures provided for in subsection 1 of § 20 of the AML/CFT using
information technology means;
4) information on the circumstances of termination of a business relationship in
connection with the impossibility of application of the customer due diligence
measures;
5) information serving as the basis for the duty to report under § 49 of the AML/
CFT;
6) upon making transactions with a civil law partnership, community or another
legal arrangement, trust fund or trustee, the fact that the person has such status, an
extract of the registry card or a certificate of the registrar of the register where the
legal arrangement has been registered.
17.2.The obliged entity must retain the originals or copies of the documents specified in §§
21, 22 and 46 of the AML/CFT, which serve as the basis for identification and
23verification of persons, and the documents serving as the basis for the establishment of a
business relationship no less than five years after termination of the business
relationship.
17.3.Arising from AML/CFT, the obliged entity must also retain the entire correspondence
relating to the performance of the duties and obligations and all the data and documents
gathered in the course of monitoring the business relationship as well as data on
suspicious or unusual transactions or circumstances, which the Financial Intelligence
Unit was not notified of, during the period of five years.
17.4.The obliged entity must retain the documents prepared with regard to a transaction on
any data medium and the documents and data serving as the basis for the notification
obligations specified in § 49 of the AML/CFT for no less than five years after making
the transaction or performing the duty to report.
17.5.The obliged entity must retain the documents and data in a manner that allows for
exhaustively and immediately replying to the enquiries of the Financial Intelligence
Unit or, in accordance with legislation, those of other supervisory authorities,
investigative bodies or courts, inter alia, regarding whether the obliged entity has or has
had in the preceding five years a business relationship with the given person and what is
or was the nature of the relationship.
17.6.Where the obliged entity makes, for the purpose of identifying a person, an enquiry with
a database that is part of the state information system, the duties provided for in this
clause will be deemed performed where information on the making of an electronic
enquiry to the register is reproducible over a period of five years after termination of the
business relationship or making of the transaction.
17.7.Upon implementation of § 31 of the AML/CFT, the obliged entity retains the data of the
document prescribed for the digital identification of a person, information on making an
electronic enquiry to the identity documents database, and the audio and video
recording of the procedure of identifying the person and verifying the person’s identity
for at least five years after termination of the business relationship
17.8.The obliged entity implements all rules of protection of personal data upon application of
the requirements arising from the AML/CFT.
17.9.The obliged entity is allowed to process personal data gathered upon implementation of
the AML/CFT only for the purpose of preventing money laundering and terrorist
financing and the data must not be additionally processed in a manner that does not
meet the purpose, for instance, for marketing purposes.
17.10.The obliged entity submits information concerning the processing of personal data
before establishing a business relationship or making an occasional transaction with
them. General information on the duties and obligations of the obliged entity upon
processing personal data for the AML/CFT purposes is given among this information.
18.RESPONSIBLE MANAGEMENT BOARD MEMBER AND CONTACT PERSON
2418.1.Where the obliged entity has more than one management board member, the obliged
entity appoints a responcible management board member who is in charge of
implementation of this Act and legislation and guidelines adopted on the basis thereof.
The obliged entity who is not a credit institution or financial institution may appoint a
compliance officer for performance of AML/CFT duties and obligations. Where no
compliance officer has been appointed, the duties of a compliance officer are performed
by the management board of the legal person, appointedresponcible management board
member, the director of the branch of the foreign company registered in the Estonian
commercial register or a self-employed person.
18.2.An employee or a structural unit may perform the duties of a compliance officer. Where
a structural unit performs the duties of a compliance officer, the head of the respective
structural unit is responsible for performance of the given duties. The Financial
Intelligence Unit and the competent supervisory authority are informed of the
appointment of a compliance officer.
18.3.Only a person who has the education, professional suitability, the abilities, personal
qualities, experience and impeccable reputation required for performance of the duties
of a compliance officer may be appointed as a compliance officer. The appointment of a
compliance officer is coordinated with the Financial Intelligence Unit.
18.4.The Financial Intelligence Unit has the right to receive information from a compliance
officer or compliance office candidate, their employer and state databases for the
purpose of verifying the suitability of the compliance officer or compliance officer
candidate. Where, as a result of the check carried out by the Financial Intelligence Unit,
it becomes evident that the person’s reliability is under suspicion due to their past acts
or omissions, the person’s reputation cannot be considered impeccable and the obliged
entity may extraordinarily terminate the compliance officer’s employment contract due
to the loss of confidence. Where the duties of a compliance officer are performed by a
structural unit, the provisions of this subsection are applied to each employee of the
structural unit.
18.5.The duties of a compliance officer include, inter alia:
1) organisation of the collection and analysis of information referring to unusual
transactions or transactions or circumstances suspected of money laundering or terrorist
financing, which have become evident in the activities of the obliged entity;
2) reporting to the Financial Intelligence Unit in the event of suspicion of money
laundering or terrorist financing;
3) performance of other duties and obligations related to compliance with the
requirements of the AML/CFT.
18.6.A compliance officer has the right to:
1) execute the transactions and monitore it’s compliance with the legislation of the
Republic of Estonia and with this guidence;
252) receive data and information required for performance of the duties of a compliance
officer;
3) make proposals for organisation of the process of submission of notifications of
suspicious and unusual transactions;
4) demand that a structural unit of the obliged entity eliminate within a reasonable time
deficiencies identified in the implementation of the AML/CFT requirements;
5) receive training in the field.
18.7.The contact person can transfer the information or data that has become known to him in
connection with the suspicion of money laundering only:
1) The Financial Intelligence Unit;
2) authority conducting an investigation in connection with the criminal case;
3) court on the basis of a court order or a court decision.
18.8.Each employee of the obliged entity must inform the contact person about all cases of
refusal to establish commercial relationship on the basis of the AML/CFT, on suspicion
of money laundering or unusual transactions, cases of emergency refusal from the
current contract.
18.9.Wherein the course of economic or professional activitiesthe facts are established whose
characteristics refer to the use of criminal proceeds or terrorist financing or with regard
to which the obliged entity suspects or knows that it constitutes money laundering or
terrorist financing, the obliged entity must report it to the Financial Intelligence Unit
immediately, after identifying the activity or facts or after getting the suspicion(Annex
1)and instructions issued by the Financial Intelligence Unit concearning suspecions of
terrorist financing transactions. (Annex 2).
19.OBLIGATION TO REPORT OF SUSPECTED MONEY LAUNDERING AND
TERRORIST FINANCING
19.1.Where the obliged entity identifies in economic or professional activities, a professional
act or provision of a professional service an activity or facts whose characteristics refer
to the use of criminal proceeds or terrorist financing or to the commission of related
offences or an attempt thereof or with regard to which the obliged entity suspects or
knows that it constitutes money laundering or terrorist financing or the commission of
related offences, the obliged entity must report it to the Financial Intelligence Unit
immediately, but not later than within two working days after identifying the activity or
facts or after getting the suspicion. The above mentioned is applied also where a
business relationship cannot be established, a transaction or operation cannot be made
or a service cannot be provided, and upon occurrence of the circumstances specified in
§§ 42 and 43 of the AML/CFT.
19.2.The obliged entity, except for a credit institution, immediately but not later than two
working days after the making of the transaction, notifies the Financial Intelligence Unit
of each learned transaction whereby a pecuniary obligation of over EUR 32 000 or an
26equal sum in another currency is performed in cash, regardless of whether the
transaction is made in a single payment or in several linked payments over a period of
up to one year. The credit institution notifies the Financial Intelligence Unit
immediately, but not later than two working days after the making of the transaction
about each foreign exchange transaction of over EUR 32 000 made in cash where the
credit institution does not have a business relationship with the person participating in
the transaction.
19.3.The obliged entity immediately submits to the Financial Intelligence Unit all the
information available to the obliged entity, which the Financial Intelligence Unit
requested in its enquiry.
19.4.The duty to report, as mentioned in this section, does not apply to other legal service
provider, provider of accounting services or provider of advisory services in the field of
accounting or taxation where they assess the customer’s legal situation, defend to
represent the customer in court, intra-authority or other such proceedings, including
where they advise the customer in a matter of initiation or prevention of proceedings,
regardless of whether the information has been obtained before, during or after the
proceedings.
19.5.Where the obliged entity suspects or knows that terrorist financing or money laundering
or related criminal offences are being committed, the making of the transaction or
professional act or the provision of the official service must be postponed until the
submission of a report that is mentioned in this section. Where the postponement of the
transaction may cause considerable harm, it is not possible to omit the transaction or it
may impede catching the person who committed possible money laundering or terrorist
financing, the transaction or professional act will be carried out or the official service
will be provided and a report will be submitted the Financial Intelligence Unit
thereafter.
19.6.Where relevant, the Financial Intelligence Unit gives obliged entities feedback on their
performance of the duty to report and on the use of the received information.
19.7.Place and form of performance of duty to report:
1) a report is submitted to the Financial Intelligence Unit of the contracting state of the
European Economic Area Agreement on whose territory the obliged entity was
established, is seated or provides the service;
2) a report is submitted via the online form of the Financial Intelligence Unit or via the
X-road service;
3) the data used for identifying the person and verifying the submitted information and,
if any, copies of the documents are added to the report;
4) requirements for the contents and form of a notice submitted to the Financial
Intelligence Unit and the guidelines for the submission of a report are established by
a regulation of the minister responsible for the field.
2719.8.The obliged entity, a structural unit of the obliged legal entity, a member of a
management body and an employee is prohibited to inform a person, its beneficial
owner, representative or third party about a report submitted on them to the Financial
Intelligence Unit, a plan to submit such a report or the occurrence of reporting as well as
about a precept made by the Financial Intelligence Unit based on §§ 57 and 58 of the
AML/CFT or about the commencement of criminal proceedings. After a precept made
by the Financial Intelligence Unit has been complied with, the obliged entity may
inform a person that the Financial Intelligence Unit has restricted the use of the person’s
account or that another restriction has been imposed.
19.9.The above mentioned prohibition provided for in subsection 1 of this section is not
applied upon submission of information to:
1) competent supervisory authorities and law enforcement agencies;
2) credit institutions and financial institutions in between themselves where they are
part of the same group;
3) institutions and branches that are part of the same group as the person specified in
subsection 2 of this section where the group applies group-wide procedural rules and
principles in accordance with § 15 of the AML/CFT;
4) a third party who operates in the same legal person or structure as an obliged entity
who is other legal service provider, provider of accounting services or provider of
advisory services in the field of accounting or taxation and whereby the legal person
or structure has the same owners and management system where joint compliance is
practiced.
19.10.The above mentioned prohibitiondoes not apply to the exchange of information in a
situation where it concerns the same person and the same transaction that involves two
or more obliged entities that are credit institutions, financial institutions, enforcement
officers, bankruptcy trustees, auditors, attorneys or other legal service providers,
providers of accounting services or providers of advisory services in the field of
accounting or taxation located in a contracting state of the European Economic Area
Agreement or in a country where requirements equal to those of Directive (EU)
2015/849 of the European Parliament and of the Council are in force, act in the same
field of profession and requirements equal to those in force in Estonia are implemented
for keeping their professional secrets and protecting personal data.
19.11.Where other legal service provider, provider of accounting services or provider of
advisory services in the field of accounting or taxation convinces a customer to refrain
from unlawful acts, it is not deemed violation of the prohibition provided forin this
section.
19.12.The exchange of information regulated in this section must be retained in writing or in a
form reproducible in writing for the next five years and information is submitted to the
competent supervisory authority at its request.
2820.IMPLEMENTATION OF INTERNATIONAL SANCTIONS
20.1.The objective of the national imposition of international sanctions and the
implementationthereof is, in compliance with the United Nations Charter, to maintain or
restore peace, prevent conflicts and reinforce international security, support and
reinforce democracy, follow the rule of law, human rights and international law and
achieve other objectives of the common foreign and security policy of the European
Union.For the purposes of this guidelines international sanction means a measure which
is not related to the use of armed forces and the imposition thereof has been decided by
the European Union, the United Nations, another international organisation or the
Government of the Republic to achieve the objectives provided for in above sections.
20.2.The subject of international sanction is:
1) a state, a certain territory, a territorial unit, a regime, an organisation, an association
or a group against whom the measures prescribed by the act on the imposition of
international sanctions are taken;
2) a natural or legal person, an agency, a civil law partnership or any other entity which
is directly specified in the act on the imposition or implementation of international
sanctions and with regard to whom the measures prescribed therein are taken.
20.3.A person having specific obligations who shall have specific obligations shall be:
1) a credit institution within the meaning of the Credit Institutions Act;
2) a provider of currency exchange service within the meaning of the Money
Laundering and Terrorist Financing Prevention Act;
3) an e-money institution within the meaning of the Payment Institutions and E-money
Institutions Act;
4) a payment institution within the meaning of the Payment Institutions and E-money
Institutions Act;
5) a provider of alternative means of payment service within the meaning of the Money
Laundering and Terrorist Financing Prevention Act;
6) an insurer and insurance intermediary within the meaning of the Insurance Activities
Act;
7) an investment fund established as a management company and a public limited
company within the meaning of the Investment Funds Act;
8) account manager;
9) a member of the securities settlement system and an investment firm within the
meaning of the Securities Market Act;
10) a savings and loan association within the meaning of the Savings and Loan
Associations Act;
11) other financial institution within the meaning of the Credit Institutions Act;
12) abranch of a service provider of a foreign state registered in the Estonian
Commercial Register providing the same type of service as the institutions specified in
this clause.
2920.4.A person having specific obligations who provides legal services is required to use all the
same methods as other persons with specific obligations, except that they have the right
to refuse to apply internal procedural rules and from the control as appointed by the
contact person. Persons with specific obligations who are involved in providing services
are considered also other persons, who provide other legal services,the customer in a
financial or immovable property transaction on behalf of and at the expense of the
customer, instructing the planning or implementation of the transaction or carrying out a
professionalact which is related to:
1) the purchase or sale of immovable property or a business or shares of a company;
2) the management of the money, securities of other assets of the customer;
3) the opening or management of bank or securities accounts;
4) obtaining the necessary funds for establishment, operation or management of a
company;
5) the establishment, operation or management of the trust fund, company or any other
such kind of entity.
20.5.Upon entry into force of an act on the imposition or implementation of international
financial sanctions a natural person and a legal person shall take measures to fulfill the
obligations arising there from and shall demonstrate due diligence to ensure the
achieving of the objective of the international financial sanction and shall avoid breach
of a sanction. A natural and legal person who has doubts or who knows that a person,
who is in business relations or is making a transaction or carrying out a proceeding with
him or her, as well as a person intending to create business relations, make a transaction
or carry out a proceeding with him or her, is a subject of international financial sanction,
shall immediately notify the Financial Intelligence Unit of the identification of the
subject of international financial sanction, of the doubt thereof and of the measures
taken.
20.6.In his or her economic or professional activity a person having specific obligations shall
draw special attention to the person who is in business relations or is making a
transaction or carrying out a proceeding with him or her, as well as to the activities of
the person intending to create business relations, make a transaction or carry out a
proceeding with him or her and to the facts which refer to the possibility that the person
is a subject of international financial sanction.
20.7.A person having specific obligations shall regularly follow the webpage specified by the
Financial Intelligence and shall immediately take measures provided for in the act on
the imposition or implementation of the international financial sanction in order to
ensure the achievement of the objective of the international financial sanction and
prevent breach of the international financial sanction.
20.8.Upon entry into force of an act on the imposition or implementation of international
financial sanction, the amendment, repeal or expiry thereof, a person having specific
obligations or a person authorized by him or her shall immediately check whether a
30person with whom he or she is in business relations or is making a transaction or
carrying out an act, as well as a person intending to create business relations, make a
transaction or carry out an act is a subject of international financial sanction with regard
to whom the financial sanction is imposed, amended or terminated.
20.9.If an act on the imposition or implementation of international financial sanction is
repealed, expires or is amended in such a manner that the implementation of the
international financial sanction with regard to the subject of the international financial
sanction is terminated wholly or partially, the person having specific obligations shall
terminate the implementation of the measure to the extent provided for in the act on the
imposition or application of the international financial sanction.
20.10.A person having specific obligations shall establish the rules of procedure in a written
form or in a form which can be reproduced in a written form for the implementation of
international financial sanction and the fulfillment of the obligations arising from this
Act and the procedure for supervision of the fulfillment thereof and shall designate a
person in charge of the implementation of international financial sanction, whose
contact information he or she shall forward to the supervisor.
20.11.Based on the International Sanctions Act, persons with specific obligations must
perform additional methods of customer due diligence in order to find out whether the
international sanctions are necessary. To do this, the persons mentioned above are
obliged:
1) apply additional customer due diligence measures in establishing partnerships and in
making transactions with customers and in relation to the circumstances of the
transaction (including in relation to the other party of the transaction);
2) credit and financial institutions have to pay attention to trade finance in respect of all
transactions in all circumstances with respect to parties and circumstances (including
goods), ensuring the implementation of international sanctions;
3) follow in their activities, for information on international sanctions and the relevant
lists on the Financial Intelligence Unit website;
4) report on the identification of the subject of economic sanctions and on the
application on this basis of economic sanctions in the Financial Intelligence Unit;
5) in cases of suspicion in regard of the subject of economic sanctions to gather
additional information (including from the customer);
6) in case of continued suspicion of the subject of economic sanctions or of the
circumstances of the transaction, also in relation to the second party of the
transaction, after gathering additional information, to report the suspicion (also in the
event that additional information can not be collected) in the Financial Intelligence
Unit, and to refuse to continue the transaction and/or from the establishment of
partnerships;
7) inform the Financial Intelligence Unit about the refusal to establish a partnership or
to execute a transaction if the reason for the refusal of the transaction was possible
31participation in the regime that is under the international economic sanctions of a
person, state, transaction or goods on which the transaction is based;
8) inform the Financial Intelligence Unit of the circumstance when there is a suspicion
that the customer is directly or indirectly controlled by a subject of international
economic relations;
9) have the necessary procedural rules and contact person to apply economic sanctions;
10) to monitor the establishment of economic sanctions;
11) to secure data related to suspicion of economic sanctions and data related to the
relevant control;
12) when establishing the subject of international sanctions, it is necessary to establish
the methods which are applied to this person when imposing sanctions. It is
necessary to establish the exact sanction that is applied to the person, following the
legal act where the applied methods are described, in order to ensure the legality and
correctness of the application of measures;
13) all other persons must show all their diligence in the necessity of applying
international sanctions in the course of their activities.A natural and legal person who
has doubts or who knows that a person, who is in business relations or is making a
transaction or carrying out a proceeding with him or her, as well as a person
intending to create business relations, make a transaction or carry out a proceeding
with him or her, is a subject of international financial sanction, shall immediately
notify the Financial Intelligence Unit of the identification of the subject of
international financial sanction, of the doubt thereof and of the measures taken;
14) The Financial Intelligence Unit confirmsthe receit of the message and checks
whether the subject of economic sanctions was established correctly and whether the
customer due diligence measures wereapplied on ligitimate basis, immediately or not
later than within two working days.
20.12.Upon fulfillment of the obligations provided for in subsection (3) of this section a
person having specific obligations shall collect and preserve the following data:
1) time of inspection;
2) the name of the person who carried out inspection;
3) the results of inspection;
4) the measures taken.
20.13.If a person having specific obligation or a person authorized by him or her has doubts if
the person having business relations or making a transaction or carrying out a
proceeding with him or her, as well as a person intending to create business relations,
make a transaction or carry out an act with him or her, is a subject of international
financial sanction, he or she shall ask additional information from that person for the
identification thereof. If a person who is in business relations or is making transactions
or is carrying out acts with the person having specific obligations, as well as a person
who intends to create business relations, make a transaction or carry out an act, refuses
32to provide additional information or it is impossible to identify by means thereof if the
person is a subject of international financial sanction, the person having specific
obligations or a person authorized by him or her shall refuse to make a transaction or
act, shall take measures provided for in the act on the imposition or implementation of
international financial sanction and shall notify immediately the Financial Intelligence
Unit of his or her doubts and of the measures taken.
20.14.Upon entry into force of an act on the imposition or implementation of international
financial sanctions the obliged entity’s employees shall take measures to fulfill the
obligations arising therefrom and shall demonstrate due diligence to ensure the
achieving of the objective of the international financial sanction and shall avoid breach
of a sanction.
20.15.The obliged entity’s employee who has doubts or who knows that the customer, who is
in business relations or is making a transaction or carrying out a proceeding with him or
her, as well as a person intending to create business relations, make a transaction or
carry out a proceeding with him or her, is a subject of international financial sanction,
shall immediately notify the Financial Intelligence Unit of the identification of the
subject of international financial sanction, of the doubt thereof and of the measures
taken.
20.16.In his or her economic activitythe obliged entity’s employeeshall draw special attention
to the person who is in business relations or is making a transaction or carrying out a
proceeding with the obliged entity’s employee, as well as to the activities of the person
intending to create business relations, make a transaction or carry out a proceeding with
him or her and to the facts which refer to the possibility that the person is a subject of
international financial sanction.
20.17.If the obliged entity’s employee or a person authorized by him or her has doubts if the
person having business relations or making a transaction or carrying out a proceeding
with him or her, as well as a person intending to create business relations, make a
transaction or carry out an act with him or her, is a subject of international financial
sanction, he or she shall ask additional information from that person for the
identification thereof and report to the obliged entity’s management board that shall
require the additional information regarding the person against whom a suspicion
arised.
20.18.If a person who is in business relations or is making transactions or is carrying out acts
with the obliged entity, as well as a person who intends to create business relations,
make a transaction or carry out an act, refuses to provide additional information or it is
impossible to identify by means thereof if the person is a subject of international
financial sanction, the obliged entityor a person authorized by him or her shall refuse to
make a transaction or act, shall take measures provided for in the act on the imposition
or implementation of international financial sanction and shall notify immediately the
Financial Intelligence Unit of his or her doubts and of the measures taken.
3320.19.If an act on the imposition or implementation of international financial sanction is
repealed, expires or is amended in such a manner that the implementation of the
international financial sanction with regard to the subject of the international financial
sanction is terminated wholly or partially, the obliged entity’s employeeshall terminate
the implementation of the measure to the extent provided for in the act on the
imposition or application of the international financial sanction.
20.20.European Union sanctions against countries can be found on the website: https://
www.sanctionsmap.eu/#/main; the sanctions of the European Union and the United
Nations regarding subjects can be checked on the website of the Financial Intelligence
Unit: https://www.politsei.ee/et/organisatsioon/rahapesu/finantssanktsiooni-subjektiotsing-ja-muudatused-sanktsioonide-nimekirjas/.
21.MONITORING THE EXECUTION OF THE PROCEDURAL RULES
21.1.The Financial Intelligence Unit and/or other competent bodies and institutions authorized
by the relevant laws exercise the supervision overthe obliged entity’smanagement board
performance of the claims arising from the AML/CFT and legal acts issued on its basis.
21.2.The management board of the obliged entity, the responsible member of the management
board or the contact person, if any, shall monitor the employees’ of the obliged entitythe
performance of claims arising from the AML/CFT and from legal acts issued on its
basis.
21.3.Competence of employees of the obliged entity in respect of compliance with the AML/
CFT and the legal acts issued on its basis:
1) in compliance with the requirements of the AML/CFT and the legal acts issued on its
basis, at the time of the performance of actions, including those related to the
application of customer due diligence measures, only those employeeswho are
authorized by the obliged entity’s management board or by a responsible member of
the management board, and who has thoroughly acquainted with the relevant
legislation, with information issued by the competent authorities, and with this
manual, and also have exhaustive knowledge in the application of AML/KYC, have
right to act and take dicisions regarding the establishement of business relationships;
2) the obliged entity’s employees and heads of structural units shall communicate in
matters and in the performance of duties arising from the AML/CFT and legal acts
issued on its basis, primarily with the contact person and, in his absence, with the
responsible member of the management board. The responsible member of the
management board always has the right to supervise the activities of the person, the
structural manager and the contact person;
21.4.The fundamentalobligations of the obliged entity’semployees and of the structural
divisions managers regarding the customer due diligence based on the AML/CFT, are as
follows:
341) The obliged entity’semployees and the structural divisions managers are required to
strictly follow:
• The Law on International Sanctions (LIS);
• Money Laundering and Terrorist Financing Prevention Act (AML/CFT);
• Directive (EU) 2015/849of the European Parliament and of the Council;
• guidance and instructions of the Financial Intelligence Unit and other competent
authorities;
• internal procedural rules and internal control requirements established by the
obliged entity’s management board;
• appropriate and lawful instuctions of the obliged entity’s management board, the
responsible member of the management board and a contact persoon;
2) in the event that the employee (or the structural unit manager) had a suspicion as to
whether any method of customer due diligence or any related criterion was being
performed (or whether the transaction or the establishment of partnerships was
authorized) – the employee (or the structural unit manager) is obliged to immediately
address to their immediate supervisor (or the structural unit manager, contact person,
responsible member of the management board) with the appropriate request and stop
the transaction or partnership relations before receiving a response to this request or
receiving orders, how to proceed in the current situation.
21.5.The obliged entity establishes the following internal control system on the basis of the
AML/CFT and the legal acts issued on it’s basis, and exercises control over the
implementation of these procedural rules and internal control requirements:
1) supervises and monitors the work of the obliged entity’s employees:
• structural manager of the employee;
• in the absence of the structural manager of the employee, a responsible member
of the management board and/or a contact person;
• the employee is obliged to submit all necessary data relating to the customer’s
identity and the partnership relations established with them,including the
customer’s personal information, data on the transaction made with the
customer, results of application of methods of customer due diligence and other
essential information, to the structural manageror, in his absence, to a
responsible member of the management board and/or to a contact person, not
later than the next working day after data collection and termination of
application of customer due diligence measures;
2) the activity of the obliged entity structural manager is monitored and controlled by
the responsible member of the management board of the obliged entity and/or the
contact person:
• the obliged entity’s structural unit manager is obligated to submit all relevant
information gathered by him or her persinally or by his or her structural unit’s
employees concerning the obliged entity’scustomers identities and the nature of
35the business relationships they create, to the relevant contact person or
responsible member of the management board, at least once a month;
3) the activities of the contact person of the obliged entity, if any, is monitored and
controlled by a responsible member of the board or the management board:
• the contact person monitors the relevant data collected by the obliged entity’s
employees and the structural unit’s manager relating to the obliged entity’s
customer identity and the the established partnership with them and secures their
safety in accordance with the relevant requirements of the AML/CFT and based
on the instructions given in this guidence. The contact person submits the
relevant reports to the responsible member of the obliged entity’smanagement
boardon a quarterly basis;
4) the activity of the responsible member of the obliged entity’s management board is
monitored and controlled by the management board or, on an exeptional basis, by the
general meeting of shareholders or by a person, structural subdivision or
authoritywhich was permanently or temporarily appointed by the general meeting of
shareholders:
• in the absence of a contact person, the responsible member of the management
board controls the relevant data transferred by the obliged entity’s employees
and the structural unit manager that relate to the obliged entity’scustomer
identity and to established partnership relations, and secures their safety in
accordance with the relevant requirements of the AML/CFT and based on the
instructions given in this guidence.
21.6.In order to fulfill the obligations arising from the AML/CFT, the obliged entity’s contact
person, the responsible member of the management board or the management board are
required to periodically inform the employees of the enterprise on changes in legislation
and on new approaches of the supervisory authorities, on the activities of an obliged
entity, on changes in risk assessments and criteria for certain customers or groups of
customers, about changes in the short or long-term enterprise doctrine, or on individual
positions and directions (according with the market situation, in accordance with the
political and economic situation, in connection with the orders of supervisory
authorities, etc).
21.7.Violation of the duties of customer due diligence measures arising from the AML/CFT,
failure to comply with the orders of a responsible member of the management board, the
management board or the contact person, or not informing the Financial Intelligence
Unit about suspected money laundering or financing of terrorism, either directly or
through the structural unit manager, is sufficient basis to initiate disciplinary
proceedings against the employee and/or in relation to the structural unit manager and
for the termination of the employment.
21.8.The obliged entity’s management board must ensure that sufficient resources are
allocated in order to ensure compliance with requirements of the AML/CFT and of this
36guidance, and that employees who are involved in performing the requirements of the
AML/CFT do act only on the condition that they are fully acquainted with the
requirements of the AML/CFT and these guidance.
21.9.The obliged entity is not required to conduct an internal audit, except when required by a
responsible member of the management board, the management board or by a general
meeting of shareholders, or when the conduct of internal audit is required by law.
These internal rules of procedure and internal control rules on the prevention of money
laundering and the financing of terrorism were adopted and approved on 26.10.2019 by the
decision of the management board.
Fabio Pastore
Member of the board
Signature:_______________________
CONTACT DETAILS OF THE FINANCIAL INTELLIGENCE UNIT
Address: Eesti Vabariik, Harju maakond, Tallinn, Tööstuse tänav 52, 10416
General phone: (+372) 612 3840
Fax: (+372) 612 3845
E-mail: rahapesu@politsei.ee
Web: https://www.politsei.ee/et/organisatsioon/rahapesu/
37LIST OF COMPULSORY SITES
Electronic form for submitting reports to the Financial Intelligence Unit:
https://www.politsei.ee/et/organisatsioon/rahapesu/saada-teade.dot
Search for subjects of international sanctions of the European Union and the United
Nations:
https://www.politsei.ee/et/organisatsioon/rahapesu/finantssanktsiooni-subjekti-otsing-jamuudatused-sanktsioonide-nimekirjas/
Existing European Union sanctions:
https://www.sanctionsmap.eu/#/main
List of subjects of sanctions:
http://ec.europa.eu/external_relations/cfsp/sanctions/list/version4/global/e_ctlview.html
Review of existing sanctions:
http://eeas.europa.eu/cfsp/sanctions/docs/measures_en.pdf
Member States of the European Union and the contracting states of the European
Economic Area Agreement:
http://elik.nlib.ee/pohifakte-euroopa-liidust/liikmesriigid-euroopa-majanduspiirkonna-riigid
List of high risk countries:
http://www.fatf-gafi.org/countries/#high-risk
Samples of apostils from different countries:
http://eng.profperevod.ru//corporative/apostil/apsample/?url=eng/corporative/apostil/
apsample/
Control of validity of the documents:
https://www.politsei.ee/et/teenused/e-paringud/dokumendi-kehtivuse-kontroll/
Electronic register for verification of valid identity documents and travel documents:
http://www.consilium.europa.eu/prado/ET/prado-start-page.html
Sources for verification of politically exposed persons of local level: https://
www.politsei.ee/et/organisatsioon/rahapesu/kasulikku/
The NameScan database, which contains data of politically exposed persons of
nationallevel of foreign states: https://namescan.io/FreePEPCheck.aspx
Database of politically exposed persons of national level of Ukraine:
https://pep.org.ua/en/
Other useful information and websites:
https://www.politsei.ee/et/organisatsioon/rahapesu/kasulikku/
38ANNEXES
The following annexes are an integral part of the internal rules of procedure and internal
control rules:
1. Guidelines for management and prevention of risks related to customers and their
actions.
2. Model of customer’s risk level assessment.
3. Risk и risk threat, arising from the activities of the obliged entity.
4. Money Laundering and Terrorist Financing Prevention Act, RT I, 17.11.2017, 38.
5. International Sanctions Act, RT I, 17.11.2017, 39.
6. Directive (EU) 2015/849 of the European Parliament and of the Council.
7. Form and content of the report submitted to the Financial Intelligence Unit and a
guidence to completing it, RT I, 01.12.2017, 20.
8. Form of the report submitted to the Financial Intelligence Unit.
9. A guidence to completing the report submitted to the Financial Intelligence Unit.
10. The Financial Intelligence Unit guide for the application of International Sanctions.
11. Recommended guidance of the Financial Intelligence Unit establishing the evidence of
money laundering.
12. Recommended guidance of the Financial Intelligence Unit establishing the evidence of
financing of terrorism.
13. Delivered Decision (EU) 2016/1675 of the Commission of the Council of Europe, of
14.07.2016, which is complementing the Directive (EU) 2015/849 of the Parliament of
Europe and the Council, where they precisely identify third countries with high risk,
where there are strategic shortcomings.
14. List of foreign officials whose certified power of attorney is equal to the Estonian
notary’s certified power of attorney, RT I, 10.11.2010, 5.
15. Common position of the European Union adopted with regard to countries equal to
third countries.