Anti-Money Laundering, Counter-Terrorist and Sanctions Policy
This Policy sets out our principles and standards for compliance and management of risks associated with financial crime. The Individual (assisted by the Compliance Manager and legal advisers) have overall responsibility for compliance and management of risks associated with financial crime in the business.
This document is referred to as the Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF) and Sanctions Policy. The purpose of this Policy is to:
- comply with any legal requirements to prevent any part of our business from being used for financial crime
- ensure we take the most appropriate action to mitigate the risks associated with financial crime.
This Policy outlines some of the legal requirements related to financial crime, as well as internal measures which we have established. Our business does not fall within the definition of "Financial Institution" (FI) nor within any of the categories of "Designated Non- Financial Businesses and Professions" (DNFBPs) nor as Virtual Asset Service Providers (VASPs) under any applicable legislation. Therefore we are not legally required to have this policy or procedures. However, we aim to ensure compliance with this policy as a matter of best practice even if not legally required.
This policy is subject to copyright and may not be copied or used or adapted for use by anyone else without written licence from us. We may use search tools to check for unlicensed copies of our materials.
"We" "our" or "us" refers to Squid, the business name used by Elise Billy (the Individual) who is registered as an Individual Entrepreneur in Tbilisi, Georgia with registered business address at 41 Zakaria Paliashvili Street, Entrance 1, Tbilisi, Georgia.
We are responsible for this website. You can contact us via Contact Us.
This policy applies to everyone when working for us, with us or on our behalf in any capacity, including employees at all levels, owners, licensees, agency or seconded workers, interns, agents, contractors, consultants, service providers, third-party representatives and business partners.
This Policy is not only aimed at complying with any relevant legal requirements, but also to mitigate and reduce the potential risk to the business of anyone using any part of our business, services, documentation or assets to launder the proceeds of illegal activity, fund terrorist activity or conduct prohibited financial sanctions activity (these offences are "financial crime").
The need for anti-money laundering, counter-terrorist funding and sanctions measures is an international issue. Therefore we aim to comply where practical with international guidelines that may be applicable to us as well as with locally applicable legislation. Some of the legislation to bear in mind if relevant (this depends not only on our location in the UAE but also on the location of the source of any funds or funder) can include FATFC from the USA, UK anti-money laundering regulations and guidelines, UAE Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations and its associated regulations and guidelines, EU Directive on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. These are just a few examples. It is important to refer to relevant government websites for updated guidance and references.
For sanctions, it is also important to refer to updated lists as they change. Some that may be relevant depending on the nature and location of a transaction include:
- Georgia sanctions list;
- The UK HM Treasury (HMT), Office of Financial Sanctions Implementation, "consolidated list of targets";
- The United Nations (UN) Security Council consolidated sanctions list;
- The EU's consolidated list of persons, companies and entities;
- The US Department of the Treasury, Office of Foreign Assets Control (OFAC) sanctions lists:
- The US Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) list.
In broad terms, across different legislation:
Money laundering is the process that criminals use to make illegal economic gains or the proceeds of criminal activities appear legal, or to conceal its true origin or ownership.
Terrorist financing relates to the raising or holding or providing of funds (directly or indirectly) with the intention that those funds should be used to carry out activities defined as acts of terrorism.
Sanctions (which can take various forms including financial, trading or other sanctions) are measures imposed by national governments and multinational bodies which seek to alter the behaviour and decisions of other national governments or non-state actors that may threaten national or international security or violate international norms of behaviour (such as human rights violations).
As a responsible business we are committed to supporting both domestic and international efforts and initiatives aimed at combating money laundering and the financing of terrorism in addition to implementing such internal measure as may be deemed necessary. In addition, we are committed to complying with all applicable sanctions in accordance with legislation applicable to us.
This policy together with the implementation and operation of the procedures and controls in it, reflects our commitment in this regard. We are willing to co-operate as part of any effort in combating money laundering and / or the financing of terrorism to the extent required and permitted with:
- Government agencies
- Recognized law enforcement agencies, domestic or foreign
We will use a "Risk Based Approach" which refers to the assessment of financial crime and implementation of measures to reduce or mitigate the risk of financial crime. As a result, we will allocate and prioritise resources according to where the most effective risk mitigation is required.
Responsibility of all employees. All personnel must comply with this policy and with any processes, procedures, checks, communications or instructions from senior management or the Individual in relation to the topics covered by this Policy. An employee's failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. It is therefore the responsibility of everyone to understand and comply with this policy.
Compliance Manager. The Compliance Manager who is responsible, in collaboration with legal advisers, for:
- Administering the AML / CTF programme;
- Helping personnel implement the AML / CTF programme and related best practices;
- Planning, developing, and prescribing AML / CTF policies, processes, checks, systems, standards, and procedures;
- Reviewing and reconciling this Policy with other policies of ours for example to ensure that data protection and privacy policies are also followed (although data protection and privacy may not be used as a reason not to comply with legal requirements in relation to AML / CTF);
- Providing or arranging guidance, training, monitoring and updating in relation to this policy.
Identity of Compliance Manager. We have designated the Individual as the Compliance Manager, but if they are not available then the Compliance Manager role is covered by any senior manager.
The clients and other parties to transactions that we deal with are based internationally, in particular in the UK and United Arab Emirates. If large transactions are involved, there is an enhanced risk of financial crime. Therefore the Compliance Manager must regularly undertake a business-wide risk assessment on financial crime describing the inherent financial crime risks of the business, the control environment to mitigate such risks, and the residual financial crime risk.
The business-wide risk assessment on financial crime represents an important measure for us to meet the requirements of the risk based approach.
There are tools that all of us can use to assess, including guidances from government authorities and industry bodies. These can include for example industry associations as well the Goergia authorities, the UAE office for AML and CTF and the UK government websites. These sources should be checked regularly, and any processes or measures recommended should be implemented.
We will not accept either natural person or legal entities as clients or suppliers if they are subject to sanctions that prohibit this. In order to comply with sanctions regulations, we must be able to verify the identity of our clients (see later section) and must review and check the applicable sanctions lists.
We must discontinue the relationship and any services with anyone who is an existing client or supplier if they later become subject to applicable sanctions.
We will take all relevant steps to discontinue the provision of products and services to anyone (natural persons or legal entity) where we suspect that they will use our products or services or our business and its systems for financial crime.
We may conduct due diligence on clients, often referred to as "Know Your Client" or "KYC". We do not have formal legal obligations to do this, but should follow best practice where possible, whilst weighing up the processes with data protection and privacy.
The Compliance Manager will notify the processes to bring on new clients or to conduct due diligence on other interested parties to a transaction. This will be based on our risk-based approach.
Where appropriate or required, we must endeavour to clarify the ultimate beneficial ownership and control of legal entities. In cases where controls and/or ownership exceeds 25%, the identity of those beneficial owners must be verified.
We must comply with guidelines and legislation in Georgia in relation to client due diligence / KYC which may include (as examples only) verifying identity, addresses, visas, passports, government ID, source of funds, beneficial ownership and contact details.
Screening of politically exposed persons
If required by law, in order to ensure that all natural persons defined as politically exposed persons (PEPs) are identified and registered in our systems as such, a PEP screening process should be conducted when natural persons are brought in as a client and then checked on a regular basis. There are useful guidelines and summaries on the Law Society website of the UK on how best to manage this process and with relevant links.
If required by law, we must perform enhanced due diligence and on-going due diligence measures proportionate with the risk scoring of a client. PEPs should be categorised as high risk clients. High risk clients will be subject to enhanced due diligence and annual on-going due diligence. On-going due diligence processes should also be applied to all existing clients.
Our IT systems and cloud solutions and workflows must be designed to ensure that robust internal controls of client due diligence are maintained.
This requires strong data quality and, where possible, automatic on-going due diligence between public registries and our IT systems in relation to client data. Data quality should be measured and reported as a key performance indicator.
We apply a risk-based approach to transaction monitoring. You should evaluate whether the activities of a client (their transactions and / or their general behaviour) is consistent with the stated nature and intent of their relationship. As part of the transaction monitoring, we must investigate further any activities that are deemed to be "unusual" with regard to the stated position of the client.
You must report any unusual or potentially suspicious transactions to the Compliance Officer.
The Individual must determine key performance indicators and develop management information requirements and processes to gain insight into and satisfaction with the effectiveness of the AML / CTF framework and processes.
The Compliance Manager will report on our AML, CTF and sanctions compliance measures and on compliance with this policy on an annual basis (as a minimum) to the Individual if the Individual is not the Compliance Manager.
The foundation for a robust internal control environment towards client due diligence and enhanced due diligence requires electronic retention of the material received for the purposes of client due diligence, on-going due diligence and / or enhanced due diligence. The archiving must be completed in a manner making it available to all employees having appropriate access to the client in question (within the our existing IT solution). We implement measures for other accepted electronic ways of verifying identities which may include outsourced services
Documentation must be kept during the lifetime of the client's relationship with us and at least five years after termination of the client relationship. This needs to be balanced with data protection and privacy requirements and must always be subject to information security measures.
You should notify any unusual or suspicious activity or transactions to the Compliance Officer. The Compliance Officer, supported by legal advisers, will assess whether the described activities or transactions are genuinely suspicious and warrant the filing of a "suspicious activity report" (SAR) or other notification to the relevant local authorities or police.
In Georgia, UK and UAE, we do not fall within the category of business that is required to have money laundering supervision or that makes use of the government's online systems for AML. Therefore if the Compliance Officer decides to make a report or disclosure about an incident, they should do this by making a Suspicious Activity Report ("SAR") to the HMRC Fraud Hotline.
For any other relevant territory, official government websites should be consulted for the correct procedure and mechanism for making a SAR.
We do not tolerate any breach of the requirements of this Policy or related procedures. Any material or systemic breaches or suspected breaches should be reported to the Compliance Manager. No one reporting any such suspected breach will be subject to adverse consequences as a result of the report.
We keep this Policy under review. The date that it was last updated is set out below. As a result of our reviews, we reserve the right to make changes to this Policy. The current version of this Policy is the one published at the relevant time on our internal portal or is distributed to personnel or is in a handbook.
© Elise Billy t/a Squid 2024 - no copying permitted
Version Date: 01.02.24