Created 18/05/2018
Updated 01/06/2018

Terms for issuing KYC-code

Procedural rules of person’s identification and risk level assessment

1. General terms and definitions

1.1. The goal of the Procedural rules of person’s identification and risk level assessment (hereinafter – “Procedural rules”) is to lay down rules on countering the use of property obtained by criminal means for money-laundering and the financing of terrorism when one connects to business-partners’ services.
1.2. The purpose of the Procedural rules is to provide the person, which wants to become a client of KYC Center with comprehensive information on the principles of person’s verification in KYC Center, the pillars of person’s risk level assessment, the importance and necessity of data provided to KYC Center, the techniques of data analysis and personal data storage system. The present Procedural rules are useful in mitigating and managing risks of money laundering and terrorism financing, given the categories of risks assigned by an obligated person.
1.3. KYC Center affirms that these Procedural rules shall apply to all clients in size and scope that are defined by the Procedural rules.
1.4. When applying the Procedural rules, KYC Center takes into consideration requirements of the current legislation of the Republic of Estonia and regulations of the EU. The implementation of the Procedural rules should be based on the principle of reasonability, given the goal of KYC Center and these Procedural rules. They also should be applied by the obligated person acting with due diligence in good faith.
1.5. Money laundering encompasses such acts as:

  1. the conversion or transfer of property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions;
  2. the acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein;
  3. the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;
  4. the participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the activities referred to above. Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.

1.6. Terrorist financing - the financing and supporting of an act of terrorism and commissioning thereof within the meaning of § 237 of the Estonian Penal Code.
1.7. Politically Exposed Person means a natural person who is or who has been entrusted with prominent public functions including a head of State, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d'affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a State-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organisation, except middle-ranking or more junior officials. See the Money Laundering and Terrorist Financing Prevention Act § 3 (11).
1.8. Local Politically Exposed Person - a person specified in paragraph 1.7 of this section who is or who has been entrusted with prominent public functions in Estonia, another contracting state of the European Economic Area or an institution of the European Union. See the Money Laundering and Terrorist Financing Prevention Act § 3 (12).
1.9. Family member - the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a child and their spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a parent of a politically exposed person or local politically exposed person. See the Money Laundering and Terrorist Financing Prevention Act § 3 (13) .
1.10. Person known to be close associate - a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person or a local politically exposed person; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person or local politically exposed person. See the Money Laundering and Terrorist Financing Prevention Act § 3 (14).
1.11. Beneficial owner – a natural person who, taking advantage of their influence, makes a transaction, act, action, operation or step or otherwise exercises control over a transaction, act, action, operation or step or over another person and in whose interests or favour or on whose account a transaction or act, action, operation or step is made. In the case of companies, a beneficial owner is a natural person who ultimately owns or controls a legal person through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that person, including through bearer shareholdings, or through control via other means.Direct ownership is a manner of exercising control whereby a natural person holds a shareholding of 25 per cent plus one share or an ownership interest of more than 25 per cent in a company. Indirect ownership is a manner of exercising control whereby a company which is under the control of a natural person holds or multiple companies which are under the control of the same natural person hold a shareholding of 25 per cent plus one share or an ownership interest of more than 25 per cent in a company. Where, after all possible means of identification have been exhausted, the person specified in subsection 2 of this section cannot be identified and there is no doubt that such person exists or where there are doubts as to whether the identified person is a beneficial owner, the natural person who holds the position of a senior managing official is deemed as a beneficial owner. See the Money Laundering and Terrorist Financing Prevention Act § 9.
1.12. High-risk third country – the country identified as such by the Commission based on the Art. 9 (2) of the Directive of the European Parliament and the Council №2015/849 from 15.05.2015. To date, these include Afghanistan, Bosnia and Herzegovina, Guyana, Iraq, Lao PDR, Syria, Uganda, Vanuatu and Yemen, Iran, The Democratic People's Republic of Korea (DPRK).

2. A risk-based approach

When applying measures that are outlined in the Procedural rules, KYC Center comes from a risk-based approach and continuously evaluates the risk of money-laundering and terrorist financing in the identification and risk level assessment of the person as well as applies enhanced measures of careful examination, where appropriate.

3. The categories of risk

3.1. When issuing the KYC-code KYC Center takes into consideration the following risk categories:
3.1.1. the risk associated with a client - risk factors arising from a person involved in a transaction;
3.1.2. the risk associated with governments, geographical areas and jurisdictions - risk factors arising from the differences in the legal environment among countries;
3.1.3. the risk associated with a client’s behavior - risk factors arising from client’s behavior and his openness to the risk of money-laundering;
3.1.4. the risk associated with channels of mediation and communication between a person under obligation and clients or with channels for transfer of good, services or transactions - risk factors arising from a way of communication or providing of service to a client that may indicate potential risks of money-laundering.

3.2. KYC Center applies three levels of risks:
The green level of risk = the KYC-code Green
The green level of risk – the person, has a low-risk level considering all risk categories indicated in paragraph 3.1.

The yellow level of risk = the KYC-code Yellow
The yellow level of risk – the person has elevated risk considering all risk categories indicated in the paragraph 3.1., but in the process of verification, he has provided complete and reliable personal data. The person has heightened risk if in the verification process it is found that he is a politically significant person. Business-partners are informed that deals with such person call for special attention.

The red level of risk = the KYC-code Red
The red level of risk – the person has a high risk considering all risk categories indicated in paragraph 3.1. A red risk level is assigned to a person, who is a subject to international sanctions, hasn’t undergone mandatory re-verification or has provided KYC Center with false data. KYC Center strongly advises to business-partners not to establish business relations with a given person.

3.3. The risk associated with a client
KYC Center considers that the risk associated with a client has increased or the high-risk level when the client is:
3.3.1. the politically exposed person, family member or the person known to be the close associate of the politically exposed person or the beneficial owner of legal/natural person / the code yellow/;
3.3.2. the legal person, the capital of which is composed of bearer shares or other bearer securities / the code red /;
3.3.3. the person regarding whom KYC Center cannot apply enhanced measures of careful examination to determine person’s identity and to verify it in a credible source; to identify person’s representative; to establish the true identity of beneficiary or ownership and control structure of a person undertaking the transaction / the code red /;
3.3.4. the natural person the actual beneficiary of whom is a third person / the code red /;
3.3.5. the legal person or other association of persons that doesn’t have status of legal person, which is involved in private asset management / the code red /;
3.3.6. the legal person, which conducts large cash transactions /the code yellow or the code red/;
3.3.7. the client or a business associated with him has nominee shareholders or bearer shares / the code red /;
3.3.8. the ownership structure of a business unit seems to be unusual or too complex given his type of activity / the code yellow or the code red /;
3.3.9. the identification of the actual beneficial owners of the legal person is complicated, due to complex and non-transparent relationships between owners / the code red /;
3.3.10. during the investigation procedure or the verification of information provided arose the suspicion over the accuracy of data provided or the authenticity of documents of the beneficial owner / the code red /;
3.3.11. the person in respect of whom KYC Center has a suspicion in money-laundering or terrorist financing, or in the course of his early business relationships there were detected suspicious actions / the code red/;
3.3.12. the person is a subject of international sanctions / the code red/;
3.3.13. the legal person, which in the course of business offers services with a high risk for money laundering to anonymous customers / the code red/;
3.3.14. the person for whom it is impossible to determine properly the origin of property or the source of funds used for the transactions, and the source of wealth / the code red/;

3.4. The persons that are subjects of international sanctions and persons about whom it is known that they are suspected to be linked with money-laundering and terrorist-financing, shall be issued only with the code red, independent of the provided documents and desired transaction limit.

3.5. KYC Center considers that the risk associated with a client has a low-risk level / the code green/ when the client is:
3.5.1. the citizen of the European Union or of the country, where the effective systems of suppressing money-laundering and the financing of terrorism are in place (see paragraph 3.6.2), whose identity is verified on the basis of identity documents, there is no doubt about the authenticity of the provided documents, the person is not a subject to sanctions or is in the list of persons associated with the financing of terrorism; the person paid for the KYC-code from his personal bank, which is in a credit institution of the EU or financial institution in the country party to the Agreement on the European Economic Area or in a third State, in respect of which apply the requirements tantamount to the requirements of the Directive (EU) 2015/849 of the European Parliament and the Council that are fulfilled under state supervision.
3.5.2. not the citizen of the country member of the EU, but is the resident, i.e. the person who has the permanent accommodation, in the country member of the EU or the country, which has the system of combating money-laundering and terrorism financing equivalent to the system of the EU (Australia, South Korea, Brazil, Mexico, Canada, Singapore, Hong Kong, Switzerland, Indis, South Africa, Japan, United States of America (the Directive 2005/60/EC).
3.5.3. the commercial association enshrined on the regulated, for whom are applicable disclosure responsibilities, which sets out the requirements for ensuring transparency in respect of beneficial ownership;
3.5.4. the legal persons of public law, who is not a subject of international financial sanctions;
3.5.5. the governmental agency or other institutions, which perform public duties of Estonia or other state that is a party to the Agreement on the European Economic Area;
3.5.6. the European Union institution;
3.5.7. the lending institution or financing institution acting on its own behalf in the state that is a party to the Agreement on the European Economic Area, in respect of which in the states of their residence there are requirements tantamount to requirements of the Directive (EU) 2015/849 of the European Parliament and the Council that are fulfilled under state supervision.
3.5.8. the desired transaction limit accounts for 15’ 000 (fifteen thousand) EUR and below within a one-year period.

3.6. If the employee of KYC Center has suspicion on money-laundering and terrorist financing regarding the person, the transaction limit or the source of funds, KYC Center reserves the right to request additional information and when necessary the proof of the origin of funds/ property or the authenticity of the documents provided / for example, the notarization of the passport or of the ID-card/. In case of not providing the additional information during 30 (thirty) calendar days, giving incomplete or incorrect information, KYC Center issues the code red. Read more about assigning and challenging the code here.

3.7. The risk associated with governments, geographical areas and jurisdictions
KYC Center considers the risk associated with governments, geographical areas higher or high, if the client is:
3.7.1. the legal person that is registered in the area with low tax rate / in the absence of other high-risk criteria – the code yellow; with other risk criteria – the code red/;
3.7.2. the person, who offers payment service as a beneficiary, forms a high-risk third country or with a place of residence or location in the high-risk third country / the code red/;
3.7.3. the person is listed by the UN or European Union as persons or territories on which sanction, embargo or other similar measure were imposed / the code red/;
3.7.4. the person from a state, which finance or supports terrorism, or in whose territories operate the terrorist organization, according to the data of the European Union or the UN / the code red/.

3.8. KYC Center considers the risk associated with governments and geographical areas low if the client is from or he has a place of residence or location in the following state, which is:
3.8.1. the party to the Agreement on the European Economic Area;
3.8.2. the third State, where there is an effective system of combating money-laundering and terrorism financing;
3.8.3. the third State, where, according to reliable sources, there is a low-risk level of corruption and crime rate;
3.8.4. the third State, where, according to reliable sources as mutual evaluation, reports and subsequently released reports, there are requirements to counter money laundering and terrorism financing that correspond to modified recommendations of the Financial Action Task Force and where they are effectively applied.

3.9. KYC Center considers the risk associated with a client’s behavior high, if:
3.9.1. the appearance and behavior of the individual in communications with the employee of KYC Center do not correspond to the nature of the ongoing interview or the conduct of the person raise suspicion, including when the person is unable to describe his possible cooperation partners or the purpose of obtaining KYC-code, and where the person is suspected to be a front person / the code red/;
3.9.2. the person is not willing to disclose the source of finance, upon request of KYC Center, but there is a reason to believe that the origin of funds is the high-risk third country / the code red/;
3.9.3. the person is not willing to disclose the real beneficiaries of the enterprise, but there are reasons to believe that they can be connected to the high-risk third countries / the code red/.

3.10. KYC Center considers risks related to service low, if:
3.10.1 the person wishing to obtain the service of identification in KYC Center is the ultimate beneficiary, and there are no other risk factors in respect of him / e.g. geographical risk/;
3.10.2. the source of money is transparent and can be documented;
3.10.3. the person provides employees of KYC Center with clear answers and explanations, if necessary.

3.11. The risk associated with channels of mediation and communication between KYC Center and clients or with channels for transfer of services
KYC Center considers the risk associated with channels of mediation and communication between a person under obligation and clients or with channels for transfer of good, services or transactions high, if:
3.11.1. The channel of communication allows staying anonymous. KYC Center does not use the commercial channel that allows the person to remain anonymous.
3.11.2. When KYC Center is unable to access to the originals of documents, the materially certified or notarized/formalized document or information from the reliable and independent resource (e.g. to request to send the copy of the document electronically) may be used to verify their identity. For this aim should be used at least two resources (e.g. to request to present the bill for telephone or communal services issued on the client’s name and the contact address provided by the client).
3.11.3. If there is a doubt about the information provided by the client, KYC Center he reserves the right to request the client to give the extract from any public register of client’s place of residence that can help to identify: the name and surname of the client, the date of birth, the personal code, ID code /if there is one/, the place of residence. The person shall provide upon request of KYC Center notarized copies of documents or certified in the equivalent order document, which is legalized or confirmed with the sign that substitutes legalisation (apostil) unless otherwise prescribed by international treaty.

3.12. KYC Center considers the risk associated with channels of mediation and communication between a person under obligation and clients or with channels for transfer of good, services or transactions low, if:
3.12.1. the person uses the electronic platform of KYC Center, and the employee doesn’t have concerns about a document/information that were sent via the platform;
3.12.2. the person confirmed through the platform that he is available through various communication channels / social networks, telephone, Skype/.

3.13. KYC Center considers risk level of the client low in general, if there is no risk factor in any risk category and it may be stated that the client and his activity correspond to attributes, that do not differ him from the person that conducts regular and transparent activity, and there is no suspicion that client’s activity may increase the likelihood of money laundering and terrorist financing. The KYC-code green is issued to the client who has a low-risk level.
3.14. KYC Center considers risk of money laundering and terrorist financing low in situations, where the application of enhanced measures of careful examination derives from legal regulations and information about the ultimate beneficiary is publicly available; where the stated activity of the person is consistent with his everyday economic activity and is not unlike payment and behavioral patterns of other similar clients. The KYC-code green is issued to the client who has a low-risk level.
3.15 KYC Center considers risk level of the client high in general if during the assessment of risk categories together, arose the suspicion that client’s activity is uncommon and lacks transparency, and there are risk factors that have an impact. Therefore it could be suggested, that the probability of money laundering and terrorist financing is high or has increased notably. The KYC-code red is issued to the client who has a high-risk level.
3.16. Taking into consideration the risk mentioned above, KYC Center determines the person’s risk level: high /the code red/, heightened /the code yellow/ or low / the code green/. KYC Center documents the risk level that was determined for the client and updates it when appropriate, and in cases established by law or present Procedural rules. In the circumstances laid down by the General terms KYC Center makes this information available to a business-partner or authorized public institutions.
3.17. If the client has a high-risk level, KYC Center shall apply enhanced measures of careful examination of the person. In the event that KYC Center assesses the size of the risk as low, then KYC Center can apply measures of careful examination in a simplified manner. KYC Center independently determines the number of measures for careful examination.
3.18. KYC Center always issues the KYC-code red, if KYC Center is unable to conduct the following measures of careful examination:
the establishment of identity of the person and its verification in a credible source;
the establishment of identity of the client’s representative;
the establishment of the actual beneficiary or determination of the ownership and control structure of the person involved in a transaction.
If KYC Center suspects money laundering or terrorist financing activity, KYC Center is obliged to issue the code red to the person.
3.19. The denial of the client to provide KYC Center with the information, which is necessary for the application of measures of careful examination, gives KYC Center the right to issue the person the KYC-code red. In granting the KYC-code red, KYC Center shall have a right to make comments for business-partners about the reasons for the issuance of the code red to the person.

4. The measures of careful examination

4.1. KYC Center always applies measures of careful examination defined by these Procedural rules for the issuing of the KYC-code to the client, assessment of his risk level, defining of predetermined transaction limit and future monitoring.
4.2. KYC Center applies the following measures of careful examination:
4.2.1. the establishment of the identity of the client and verification of information provided in a credible and independent source;
4.2.2. the establishment and verification of identity and the right of the representation of the client’s representative;
4.2.3. the establishment of the actual beneficiary and taking steps to verify his identity in the volume required for KYC Center to ensure that KYC Center is aware, who is the real beneficiary and understands ownership and control structure of the client ;
4.2.4. the receiving information whether the person is a politically exposed person, a member of his family or is considered to be his close associate;
4.2.5. the monitoring of the person in the sanctions lists.

4.3. In addition to the above-mentioned measures, KYC Center determines the place of location, activity or place of residence, profession or sphere of competence, in the case of a legal person - paid taxes, experience, and if necessary source of funds, as well as other valuable information for the assessment of the person’s risk level.
4.4. If necessary, KYC Center shall require the person to provide the documents that are necessary for the application of measures of careful examination and adequate information. If there is a suspicion, KYC Center shall ask the person to confirm by his signature the accuracy of information provided and documents, including the digital signature or by providing notarized or notarially or officially certified documents.
4.5. KYC Center certifies the correctness of data about the client and monitors the data at least once a year. If the client has a high-risk, his risk degree/profile shall be re-examined not later within six months after the issuance of the code yellow or red.
4.6. KYC Center stores the information and documents related to person’s identity in the way that allows to securely store clients’ personal data as well as enables to respond to relevant requests of an authorized body, an investigative agency or a court without reasonable delays. More details can be found here.

5. Identity processing for the issuance of the KYC-code

5.1 KYC Center identifies/ verifies the natural person and, if appropriate, the representative of the person and stores the following data on the person and his representative:
• the name and surname;
• ID or in his absence date and place of birth, as well as the place of permanent or temporary residence;
• Information on the representation right, identification and verification of the scope of that right, and if that right does not stem from the law, and also the date of the granting, name or the title of the person, who issued the document, which is the basis of the right of representation.
5.2. KYC Center identifies the natural person on the basis of the following documents:
• the passport / high-quality colour photo without the computerized manipulation /
• the ID-card of the European Union citizen or its equivalent / high-quality colour photo without the computerized manipulation /
• the client’s selfie / high-quality colour photo without the computerized manipulation /

The copy of the document provided for identification should be of such quality that allows easily understandable reading of data that it contains. The following elements should be clearly visible in the photographic image: the individual’s name, surname, date of birth and/or personal code, photo and/or image of the person’s face, signature, the validity period and the number of the document, the issuing organization, citizenship and place of birth.

5.3. KYC Center identifies the legal person by the following documents:
• the registration card of the appropriate public register;
• the certificate of registration of the appropriate public register;
• alternatively, the document that is the equivalent of the documents mentioned above.

KYC Center identifies the registered legal person and stores the following data about him:

  • the commercial name or the title of the legal person;
  • the registration code or registration number and time of registration;
  • the name of the Chairman of the Executive Board or names of the members of the Board alternatively members of another body that replaces it, and their credentials in the presentation of the legal entity;
  • data on the means of communication of the legal person;
  • information on the actual beneficiaries;
  • the operations of the legal entity;
  • the purpose of obtaining the KYC-code

5.4. The client sends the data that are necessary for identification through the system of KYC Center by filling in the questionnaire. If it concerns the high-risk client, the client provides the data that are necessary for identification via the electronic platform, but KYC Center applies additional measures of careful examination (the request for additional information, the telephone interview, Skype, online conversation, the provision of notarized copy of the identity document or the direct contact with the client if he is at the same location where necessary).

6. The enhanced procedure of the application of the measures of careful examination

6.1. The measures of careful examination are always applied in the enhanced order, if:
6.1.1.in the process of the person’s identification or verification of information, the suspicion arose regarding the validity of the information provided, the authenticity of documents or identification of the actual beneficiary;
6.1.2. the person is a politically exposed person, except for local politically exposed person, a member of his family or the close associate;
6.1.3. the person form the high-risk third country or the place of permanent or temporary residence, the location of the person, who offers payment service as a beneficiary, is in the high-risk third country;
6.1.4. the client is the person from such a state or a territory or the place of permanent or temporary residence of the person, who offers payment service as a beneficiary, is in the state or territory, where there are no established effective systems to counter money-laundering and terrorist financing, or alternatively are considered to be territories with low tax rate.

6.2 KYC Center selects the additional measures of the careful examination to manage and reduce the previously established high-risk level and applies one or several of the following measures of careful examination:
6.2.1. the verification of the information provided supplementary during the person’s identification process by the additional documents, data or information in a credible and independent source;
6.2.2. the additional gathering information on the person and checking of information provided on the basis of additional documents, data and information with the help of a credible and independent source;
6.2.3. the collection of additional information and documents to determine source and origin of the funds;
6.2.4. the acceptance of payment for the KYC-code only from the client’s personal bank account, which is open on the client’s name at a credit institution that is registered or located in the state that is a party to the Agreement on the European Economic Area, or in the state with requirements that tantamount to requirements of the Directive (EU) 2015/849 of the European Parliament and the Council;
6.2.5. the application of measures of careful examination to the person or his representative, being with him in the same place or the provision by the person of the notarized copy of the identity document.
6.2.6. When using measures of careful examination, KYC Center shall apply monitoring of client’s data more frequent than usual, including no later than after six months since initial code issuance.
6.2.7. If KYC Center faces the client from a high-risk country, he implements the following measures of careful examination:
• the acquisition of additional information about the client and his actual beneficiary;
• the obtaining of the information on the origin of financial resources and wealth of the client and his actual beneficiary;
• the receiving of information on reasons and purposes of the obtaining of the code;
• the obtaining of the permission from senior management of KYC Center to issue the code yellow;
• the increase in the intensity of the monitoring of the client by increasing the number and frequency of the verification measures applied, and by choosing indicators for the analysis, which shall be checked further.

came into force on 01.06.2018