Policies

Privacy Policy
AML / KYC policy

TRANSFI GROUP
GLOBAL PRIVACY POLICY

Last Updated: October 2024

CONTACT US
If you have any questions about this Privacy Policy, You can contact us:
By email: compliance@transfi.com

1. What is the objective of TransFi’s Privacy Policy?

“TransFi” refers to Trans-Fi Inc. and its affiliates and subsidiaries worldwide, including Trans-Fi UAB and NEOMONEY INC. (collectively “TransFi Group”, “TransFi”, “we”, “us” or “our”). 

TransFi may share your personal data with its other entities (subsidiaries and affiliates) and use it in accordance with this Privacy Policy.

The objective of TransFi’s (all subsidiaries and affiliates) privacy policy (the “Privacy Policy”) is to commit to protecting your privacy. Please read this carefully as this policy is legally binding when you choose to use our Services. For the purpose of the relevant data protection regulations, TransFi may act as either the “data controller”, “data processor” or both of your information.

This Privacy Policy describes how we collect, use, handle and, under certain conditions, disclose your personal data, when you access our Services, which include our content on the Website located at www.transfi.com or any other websites, pages, features, or content we own or operate, including the TransFi payments transaction platform (collectively, the “Website(s)”), or any TransFi widget, application programming interface (“API”) or third party applications relying on such an API, products (Payouts, Collections and Ramp) and related services (referred to collectively hereinafter as “Services”).

This Privacy Policy also explains the steps we have taken to secure your personal information. Finally, this Privacy Policy explains your options regarding the collection, use and disclosure of your personal information. By visiting the Website, you accept the practices described in this Privacy Policy for the Website. If you do not acknowledge and accept this Privacy Policy, you may not use the Services.  

If you have any questions about this policy, please send them to compliance@transfi.com.

2. What personal information do we collect from you?

Personal information means any data which relates to a living individual who can be identified from that data, or from that data and other information, which is in the possession of, or is likely to come into the possession of, TransFi (or its representatives or service providers). In addition to information, it includes any expression of opinion about an individual and any indication of the intentions of TransFi or any other person in respect of an individual. The definition of personal information depends on the relevant law applicable for your physical location. The data TransFi may collect and use about you is described below in sections 2.1-2.3 of this Privacy Policy. 

TransFi obtains information about you from various sources. “You” may be an individual or legal entity entering into a business services agreement with TransFi and/or setting up a user account with TransFi and using the Services provided or through our Website or API (“User”), a legal entity/business identified under anti money laundering (“AML”) or counter terrorist financing (“CTF”) identification requirements as per local regulations, verified by TransFi, that uses our Services to collect payments, make payouts, or facilitate cross-border transfers (“Client”), a legal entity that has a contractual relationship with a TransFi Client and may be subject to AML/CTF identification requirements, verified either by TransFi or the Client (“Merchant”), a legal entity that is a client of a Merchant and may be subject to AML/CTF identification requirements, verified either by TransFi or the Merchant (“Sub-Merchant”), or individuals or legal entities that are the end users of Merchants who interact with the Services provided (“End User”). You may also be a recipient/beneficiary of one of our Services, or a visitor to our Website or other service that links to our API and Services. If You are a Merchant, a Sub-Merchant, or End User, your use of the Services will be governed by the applicable agreement between TransFi and the relevant Client.

2.1 Information you provide to us

This includes information you provide to us in order to establish an account and access our Services. This information is either required by law (e.g. to verify your identity), necessary to provide the requested Services (e.g. you will need to provide your bank account number if you would like to link that account to TransFi), or is relevant for our legitimate interests described in greater detail below.

The nature of the Services you are using or interacting with will determine the kind of personal information we might ask for, but may include:

  • Personal Identification Information: full name, date of birth, age, nationality/citizenship, country of residence, government-issued ID details (including ID number, ID type, issuance and expiry dates), social security number, tax ID number, account credentials, geolocation, unique device details, network information or internet protocol address, wallet address,  gender, signature, utility bills, photographs, phone number, home address, email and/or any other information deemed necessary to comply with our legal obligations under applicable law and regulations;
  • Official Identity Documents: government-issued identity document such as a passport, visa or national identity card, state ID card, driver’s licence,  and/or any other information deemed necessary to comply with our legal obligations under applicable law and regulations;
  • Financial Information: bank account information, payment card information, tax identification number (“TIN”), transaction history, trading data. For transaction details, we store order details, the User’s bank account number, bank account name, and card information, including the cardholder’s name, card number, CVV, and expiration date. As we are Payment Card Industry Data Security Standard (“PCI DSS”) certified, we are able to securely store this information to meet our compliance obligations and ensure data security. While we do not store your TransFi User account login credentials, we securely handle and store card details in compliance with PCI DSS standards. Payment card information may also be processed through our system during transactions via secure third-party service providers. 
  • Transaction Information: information about the transactions you undertake in connection with our Services, such as the name of the recipient, your name, the amount and/or timestamp, purpose of transaction, jurisdiction of transaction; 
  • Verification Information: to verify your identify, including information for fraud checks and other information you provide, including images of yourself and a liveliness check;
  • Employment Information: Office location, job title, and/or description of role; or
  • Correspondence: Survey responses, information provided to our support team or User research team.

If you are a company, we may request information such as your employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation) and personal identification information for all material beneficial owners for Know Your Business (“KYB”) purposes.

If you do not provide us with the information below, we may not be able to provide the Services to you, or your use of the Services may be restricted. 

In addition to the information you provide to us in connection with your use of the Services, you may also choose to submit information to us via other channels, including in connection with an actual or potential business relationship with TransFi.

2.2 Information we collect automatically or generate about you

This includes information we collect automatically, such as whenever you interact with our Website or use our Services. With regard to your use of our Services we may automatically collect the following information:

  • Details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;
  • Technical information, including the Internet protocol (“IP”) address used to connect your computer to the Internet, your login information, browser name, type and version, time zone setting, browser plug-in types and versions, operating system, geolocation/tracking details and platform, device details;
  • Information about your visit, including the authentication data, security questions, full Uniform Resource Locators (“URL”) clickstream to, through and from our Website or mobile application (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any email used to contact us.
  • Cookies and other Technology. Like many websites, our Website employs cookies, location-based Services and web beacons (also known as clear GIF technology or “action tags”) to speed your navigation of our Website, recognize you and your access privileges, and track your usage. Please read our Cookie Policy for more information.

2.3 Information collected from third parties

We may receive information about you if you visit or use our Website or use our Services. This includes information we may obtain about you from third-party sources. The main types of third parties we receive your personal information from are:

  • Public databases, ID verification partners in order to verify your identity in accordance with applicable law. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, status on any sanction’s lists maintained by public authorities, and other relevant data;
  • Blockchain data to ensure parties using our Services are not engaged in illegal or prohibited activity, sanctioned jurisdiction, dark net, child abuse, etc. and to analyze transaction trends for research and development purposes by screening wallet address for the source of funds;
  • Marketing partners & resellers so that we can better understand which of our Services may be of interest to you;
  • The banks/financial service providers you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
  • Business partners may provide us with your name and address, as well as financial information, such as card payment information; and
  • Advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our Website.

3. How do we use your personal information?

We may use your information in the following ways and for the following purposes:

(a) Internal Use: We use your personal information to provide you with our Services. We may  use your personal information to improve our Website’s content and layout, and improve our marketing efforts. . Additionally, we use your information to ensure the safety, security, and integrity of our Services by protecting against fraudulent, unauthorised, or illegal activity; monitoring identity and service access; and addressing security risks. .

(b) Communications with You: According to your preferences and in compliance with applicable law, we may send you marketing communications to inform you about events, to deliver targeted marketing and to share promotional offers. This may involve sending you communications via emails or mobile application notifications about our Services, features, promotions, surveys, news, updates, and events, managing your participation in promotions and events, delivering targeted marketing, and determining general information about visitors’ usage behaviour on the Website. Our marketing will be conducted in accordance with your advertising and marketing preferences and as permitted by applicable law. We require certain information, such as your identification, contact, and payment details, to provide and maintain our Services. If you are a new User or Client, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to opt out or submit a request via compliance@transfi.com.

We may send you service updates regarding administrative or account-related information, security issues, or other transaction-related information. These communications are important to share developments relating to your account that may affect how you can use our Services. You cannot opt out of receiving critical service communications.

We also process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

(c) Legal and Regulatory Compliance:  TransFi is required to process your personal information in compliance with AML/CTF, and security laws, which may include the collection, use, and storage of your information in certain ways. For example, we must identify and verify customers using our Services, including collecting photo identification and using third-party service providers to compare your personal information against databases and public records. When you seek to link a bank account to your TransFi account, we may request additional information to verify your identity or address and manage risk, as required by applicable law. Additionally, we may disclose personal information in response to requests from law enforcement, subpoenas, court orders, or as otherwise required by law, and where necessary to protect our legal rights, enforce agreements, or prevent fraud and abuse of our Services. This includes efforts to mitigate account compromise or loss of funds, investigate complaints, claims and/or disputes, and comply with regulatory or legal requests/inquiries.

(d) External Use: We disclose information to our service providers to help enable them to perform Services on your behalf. For example, to facilitate the purchase and custody of digital assets, we share certain information with third parties, such as your name, email address, physical address, social security number, date of birth, government-issued identification and the amount of digital assets being purchased.Further, the types of data we collect and share with third parties are described above in the information you provide to us, which includes your date of birth, country of residence, first name, last name, ID number, ID type, ID issue date, and ID expiry date, your bank account number, bank account name, and card information, including the name on the card, card number, CVV, and expiration date.

We may share non-personal information (such as the number of daily visitors to our Website or the size of an order placed on a certain date) with third parties. This information does not directly personally identify you or any User. For the avoidance of doubt, any IP addresses or a device or other identifier we collect may be shared with one or more third parties.

(e) Our Legitimate Business Interests: Sometimes the processing of your personal information is necessary for our legitimate business interests, such as:

  • quality control and staff training;
  • to enhance security, monitor and verify identity or service access, and to combat spam or other malware or security risks;
  • research and development purposes;
  • to enhance your experience of our Services and Website; 
  • to facilitate corporate acquisitions, mergers, or transactions;

to conduct internal operations needed to deliver our Services, including troubleshooting software bugs and operational issues.

4. What personal information do we  disclose to third parties?

We allow your personal information to be accessed only by those who require access to perform their work and share it only with third parties who have a legitimate purpose for accessing it. TransFi will never sell or rent your personal information to third parties without your explicit consent. We will only share your personal information with selected third parties including:

  • Identity verification services to prevent fraud. This allows TransFi to confirm your identity by comparing the information you provide us to public records and other third-party databases;
  • Financial institutions which we partner with to process payments you have authorised;
  • Affiliates, business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with them or you;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our Website;
  • Companies or other third parties in connection with business transfers or bankruptcy proceedings;
  • Companies or other entities that purchase TransFi assets;
  • Law enforcement, regulators, or any other third parties when we are compelled to do so by applicable law or if we have a good faith belief that such use is reasonably necessary, including to protect the rights, property, or safety of TransFi, TransFi customers, third party, or the public; comply with legal obligations or requests; enforce our terms and other agreements; or detect or otherwise address security, fraud, or technical issues; and
  • If you authorise one or more third-party applications to access our Services, then the information you have provided to TransFi may be shared with those third parties. A connection you authorise or enable between your TransFi account and a non-TransFi account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, TransFi will not authorise these third parties to use this information for any purpose other than to facilitate your transactions using our Services. Please note that third parties you interact with, should have their own privacy policies and TransFi is not responsible for their operations or their use of data they collect.

Examples of account connections include:

  • Merchants: If you use your TransFi account to conduct a transaction with a third-party merchant, the merchant may provide data about you and your transaction to us.
  • Your financial services providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction.

You acknowledge and agree that TransFi may continue to use and disclose your personal data for a reasonable period following the termination of the relationship between you and TransFi for one or more of the following purposes: 

  • to enable TransFi to fulfil its outstanding obligations to you under any agreement, if applicable; 
  • to allow TransFi to enforce its rights under any agreement, if applicable; 
  • for any purposes to which you have provided your written consent; 
  • as required under applicable law; and as mandated by an order from a court of competent jurisdiction.

5. Links to other sites

Our Website may contain links to other websites for your convenience or information. These websites are operated by entities unaffiliated with TransFi, and we do not control, endorse, or take responsibility for their content or privacy practices. Each linked website may have its own terms of use and privacy policies, which may differ from ours. We encourage you to review these policies whenever you visit third-party websites, as TransFi is not responsible for the practices or policies of these external sites.

6. How do we protect and store personal information?

TransFi implements and maintains reasonable measures to protect your personal information. Your files are protected with safeguards according to the sensitivity of the relevant information. Reasonable controls (such as restricted access) are placed on our computer systems.

TransFi is an international business with operations in multiple countries. This means we may transfer to locations outside of your country. When we transfer your personal information to another country, we will ensure that any transfer of your personal information is compliant with applicable data protection law.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

As a condition of employment, TransFi’s employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal information is limited to those employees who need it to perform their roles. Unauthorized use or disclosure of confidential customer information by a TransFi employee is prohibited and may result in disciplinary measures.

Finally, we rely on third-party service providers for the physical security of some of our computer hardware. We require those third-party service providers to comply with commercially reasonable security practices and measures. For example, when you visit our Website, you access servers that are kept in a secure environment. While we take industry-standard precautions to safeguard your personal information and secure your account, no system can be completely secure. As such, you assume the risk of potential breaches and their consequences. To protect your account, please safeguard your credentials, choose a complex password when registering, enable advanced security features like two-factor authentication, and never share your account credentials with third parties.

If we anonymize your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.

We do not knowingly request to collect personal information from any person under the age of 18. If a User submitting personal information is suspected of being younger than 18 years of age, TransFi will require the User to close his or her account and will not allow the User to continue using our Services. We will also take steps to delete the information as soon as possible. 

 We retain personal information as long as reasonably necessary to fulfil its intended purposes and meet our contractual and legal obligations. Email addresses and phone numbers are stored until the User uses the TransFi Services, and data is retained for five years once the User unsubscribes or removes themselves. Information will be deleted or de-identified when no longer needed, unless longer retention is required by law. TransFi retains certain information under AML/CTF regulations and holds data for a period of five years. If we cannot fully delete or de-identify information, we will take reasonable measures to prevent further processing.

7. Do we do any profiling and automated decision making?

We may use some instances of your data in order to customise our Services and the information we provide to you, and to address your needs - such as your country of address and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we only use pseudonymised data wherever possible. This activity has no legal effect on you.  

8. What are your privacy and information access rights?

Depending on applicable law of where you reside, you may be able to assert certain rights related to your personal information. These rights include:

  • the right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;
  • the right to withdraw your consent to the processing of your personal information at any time. Please note, however, that we may still be entitled to process your personal information if we have another legitimate reason for doing so (for example, we may need to retain personal information to comply with a legal obligation);
  • in some circumstances, the right to receive some personal information in a structured, commonly-used and machine-readable format and/or request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided directly to TransFi;
  • the right to request that we rectify your personal information if it is inaccurate or incomplete;
  • the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled to retain it;
  • the right to object to, or request that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request;
  • the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us; and
  • the right to transfer your personal data between data controllers, for example, to move your account details from one online platform to another.

Our Services may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

Subject to applicable laws, you may have the right to access information we hold about you. Your right of access can be exercised in accordance with the relevant data protection legislation.

9. How often is the Privacy Policy updated?

We may update this Privacy Policy from time to time and without prior notice to you to reflect changes in our information practices, and any such amendments shall apply to information already collected and to be collected. Your continued use of our Website or any of our Services after any changes to this Privacy Policy indicates your agreement with the terms of the revised Privacy Policy. 

Please review this Privacy Policy periodically and especially before you provide personal data to us. If we make material changes to this Privacy Policy, we will notify you here, by email or by means of a notice on the home page of our Website. The date of the last update of the Privacy Policy is indicated at the top of this document.

10. How can you contact us regarding any privacy questions?

If you have any questions about this Privacy Policy, please contact us at compliance@transfi.com or send physical mail to the relevant entity below:

Trans-Fi UAB

Pramones 10G 

Vilnius, Lithuania - 11118

NEOMONEY INC. 

325 Front Street West 2nd floor 

Toronto, ON M5V2Y1

Canada

TransFi AML KYC Policy

Last updated: November 2024

The guidelines contained in this reference shall provide guidance to the staff of Trans-Fi UAB and its subsidiaries & affiliated entities (together referred to as “TransFi” and “the Company”) AND its customers, regarding practices and standards that TransFi expects to have in place, in order to detect and prevent money laundering and terrorist financing; identify and report suspicious activity; comply with anti-terrorism & sanctions laws and regulations; and other relevant international laws.

KYC laws have been a standard AML obligation around the world for decades and were introduced in the United States with the USA Patriot Act and in Europe with the European Union Anti-Money Laundering Directives (AMLD) to help detect and prevent Terrorism Financing activities

These Guidelines have been adopted to ensure that the Company also complies with the rules and regulations set out in:

  1. the Lithuanian International Sanctions Act (ISA);
  2. the Lithuania Money Laundering and Terrorist Financing Prevention Act;
  3. the Lithuania Financial Crime Investigation Services General Policy lines regarding measures against money laundering, terrorist financing and regarding implementation of international sanctions;
  4. DIRECTIVE (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directives 2009/138/EC and 2013/36/EU (AMLD5).

These Policy lines are the subject of a review by the Company's Money Laundering Reporting Officer at least annually. The proposal for a review and the review of these Policy lines may be scheduled more often by the decision of the Company's Money Laundering Reporting Officer (MLRO) and obligations of applicable laws.

1. Policy Statement And Objectives

TransFi has created this AML KYC policy to:

  • Assist its employees in complying with the laws, rules and regulations across jurisdictions in our collective effort to ensure that the services that TransFi provides are fully compliant;
  • Put in place appropriate systems and controls to ensure compliance with policies;
  • Develop a risk-based approach to manage money-laundering and terrorist financing risk;
  • Set clear customer due diligence procedures, including Identification & Verification (ID&V) and KYC, and providing guidance when enhanced due diligence is required;
  • Conduct transaction monitoring to detect unusual and suspicious activity and to report to local supervisory authorities;
  • Take appropriate measures to freeze or close relationships to mitigate financial crime risk; and
  • Develop a robust employee training program as an essential component of an effective AML compliance program.

This Policy, coupled with internal controls, independent compliance testing and appropriate training, are the key segments of TransFi’s Anti-Money Laundering (AML) and Know-your-customer & Business (KYC/KYB) approach.

TransFi’s AML/KYC & KYB policy covers the following elements:

  • Definitions
  • Customer Due Diligence which includes Identification & Verification requirements (ID&V) and Know your customer (KYC) & Know your Business (KYB), which include Standard Due diligence (SDD) as well as Enhanced Due Diligence (EDD); and various ongoing screenings like, adverse media, PEP and sanctions;
  • Risk Management;
  • Internal Control;
  • Transaction Monitoring;
  • Prohibited Customer Types;
  • Implementation of Sanctions;
  • TransFi Compliance department;
  • Independent testing/review;
  • Employee training;
  • Record keeping;
  • Law enforcement requests;
  • Conclusions.

2. Definitions

(i) Beneficial Owner in the case of a legal entity, is a natural person whose direct or indirect holdings, or the sum of all direct and indirect holdings in the legal entity, exceeds 25 percent, including holdings in the form of shares or other forms of bearer holdings.

(ii) Business Relationship means a relationship that is established upon conclusion of a long-term contract by the Company in economic or professional activities for the purpose of provisioning of a service or distribution thereof in another manner or that is not based on a long-term contract, but whereby a certain duration could be reasonably expected at the time of establishment of the contract and during which the Company repeatedly makes separate transactions in the course of economic or professional activities while providing a service.

(iii) CDD means Customer due diligence which is collecting and evaluating the new customers' information and determining their risk for illegal financial transactions

(iv) Company means TransFi.

(v) Customer means a legal entity which has business relationship with the Company or legal entity with which the Company enters into an occasional transaction.

(vi) Employee means the Company's employee, including persons who are involved in application of this Policy in the Company.

(vii) MLRO means Money Laundering Reporting Officer, who is appointed to the Company as a compliance officer in the meaning of § 17 of MLTFPA.

(viii) Money Laundering (ML) means the concealment of the origins of illicit funds through their introduction into the legal economic system and transactions that appear to be legitimate. There are three recognized stages in the money laundering process:

  1. placement, which involves placing the proceeds of crime into the financial system;
  2. layering, which involves converting the proceeds of crime into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds; and
  3. integration, which involves placing the laundered proceeds back into the economy to create the perception of legitimacy

(ix) Occasional Transaction means the transaction performed by the Company in the course of economic or professional activities for the purpose of provision of a service or sale of goods or distribution thereof in another manner to the customer and / or user outside the course of an established business relationship.

(x) PEP (Politically exposed person) means a natural person who performs or has performed prominent public functions and with regard to whom related risks remain.

At least the following persons are deemed to be PEPs:

  1. head of State or head of government;
  2. minister, deputy minister or assistant minister;
  3. member of a legislative body;
  4. member of a governing body of a political party;
  5. judge of the highest court of a country;
  6. auditor general or a member of the supervisory board or executive board of a central bank;
  7. the Chancellor of Justice;
  8. ambassador, envoy or charge d'affaires;
  9. high-ranking officer in the armed forces;
  10. member of an administrative, management or supervisory body of a state-owned enterprise;
  11. director, deputy director and member of a management body of an international organization;
  12. person in list of Lithuania positions whose holders are considered politically exposed persons is established by a regulation of the minister responsible for the field;
  13. person in list of positions, which is established by international organisation accredited in Lithuania;
  14. a person who, as per list published by the European Commission, is considered a performer of prominent public functions by a Member State of the European Union, the European Commission or an international organisation accredited on the territory of the European Union is deemed a politically exposed person.
  15. Close family member or associate of 1-14 above

Middle ranking or more junior officials are not considered PEPs.

(xi) Sanctions mean an essential tool of foreign policy aimed at supporting the maintenance or restoration of peace, international security, democracy and the rule of law, following human rights and international law or achieving other objectives of the United Nations Charter or the common foreign and security Policy of the European Union. Sanctions include:

  1. international sanctions which are imposed regarding a state, territory, territorial unit, regime, organization, association, group or person by a resolution of the United Nations Security Council, a decision of the Council of the European Union or any other legislation imposing obligations on Lithuania;
  2. sanctions of the Government of the Republic of Lithuania which is a tool of foreign policy which may be imposed in addition to the objectives specified in previous clause to protect the security or interests of Lithuania.

International sanctions may ban the entry of a subject of an international sanction in the state, restrict international trade and international transactions, and impose other prohibitions or obligations. The subject of Sanctions is any natural or/and legal person, entity, or body, designated in the legal act imposing or implementing Sanctions, with regard to which the Sanctions apply

(xii) Terrorist Financing (TF) means the financing and supporting of an act of terrorism and commissioning thereof, as well as the financing and supporting of travel for the purpose of terrorism, in the meaning of applicable legislation.

(xiii) User means a natural person who has business relation with the Company or the Company’s customers, or with whom the Company or the Company’s customers enter into occasional transactions.

(xiv) Virtual currency means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp 35-127) or a payment transaction for the purposes of points (k) and (I) of Article 3 of the same Directive.

3. Know Your Customer & Identification & Verification Requirements

TransFi is an international services provider in a host of countries within which it provides its services. Regulatory requirements across the world require customer due diligence as a critical tool to prevent illegal activity. TransFi has set up data collection, verification, analytics, investigation and reporting processes within the standards of Anti-Money Laundering regulations through its “Know Your Customer (KYC/KYB)” framework. Key elements of this framework are:

A. Standard Due Diligence

Standard due diligence (SDD) is applied where the customer's risk profile indicates lower risk and where, in accordance with the risk assessment of the Company, it has been identified that in such circumstances the risk of money laundering or terrorist financing is lower than usual.

The Company will verify the identity of its customers and users under its “Know Your customer” processes. For individual users, this will include name and date of birth that is verifiable electronically through an accepted and valid Government issued document accurately containing the users name and date of birth. Acceptable forms of identification for an individual user varies by country of operation and includes one or more of the following:

  • National ID;
  • Passport;
  • Residence permit for a foreign national;
  • Any other acceptable ID allowed by regulation; and as additional verification form
  • Valid Address document like a Utility bill/bank statement (could be any of the above if they have the complete address and not merely a PO Box).

Required documents for a corporate (KYB) includes the following:

  • Proof of registration- Company Registration /Incorporation;
  • Shareholders registry (issued by the state registry within last 6 months)

OR

Recent company excerpt showing shareholders identifying the UBO(issued within last 6 months);

  • Memorandum of Association (MOA) & Articles of Association (AOA) wherever applicable- These document sets out how a company is operated, governed and owned and the extent of Authority/ powers key executives hold;
  • Official address or Principal business address (proof of address);
  • EIN / TIN;
  • All ID docs for natural persons owning >25% of the legal entity and any natural person who is a controlling person or the Beneficial Owner. All the company’s beneficiaries (that own 25% or more) will need to individually complete the KYC process.

The Company will take steps to confirm the authenticity of documents and information provided by users and customers, including verification with regulatory / government sources, and running analytics. Identification information taken above will be collected, stored, shared and protected strictly in accordance with the company’s Privacy Policy related regulations.

B. Enhanced Due Diligence (EDD)

The Company will flag users & customers presenting a higher risk (e.g., politically exposed persons or high-risk customers) and request additional documents & verification.

A high-risk customer is identified based on business activities and includes, but not limited to, the following

  • Custodial crypto / digital assets services
  • Other crypto / digital assets services that are not non-custodial
  • Money services / Payments / other financial services
  • Gambling services
  • Any customer with a politically exposed beneficial owner

For a high-risk customer, the company will request any additional documents to ascertain AML risks under Enhanced due diligence as necessary, including but not limited to Proof of source of funds, relevant licenses and AML / KYC policies. If an EDD requires an investigation, the Company will take any such measures as deemed fit.

Politically Exposed Person

A politically exposed person (PEP) is one defined in Clause 2(x) of this policy. The Company will take measures to ascertain whether the user or the beneficial owner of the customer is a PEP, their family member2 or close associate3, or if the customer has become such a person. Enhanced due diligence as necessary, including but not limited to Proof of source of funds and

The Company will request the PEP for any additional documents to ascertain AML risks under Enhanced due diligence as necessary, including but not limited to Proof of source of funds and Proof of address. The Company will verify the data received from the PEP by making inquiries in relevant databases or public databases or making inquiries or verifying data on the websites of the relevant supervisory authorities or institutions of the country in which the PEP has place of residence or seat.

Where a PEP no longer performs important public functions placed upon them, the Company shall at least within 12 months take into account the risks that remain related to the PEP and apply relevant and risk sensitivity-based measures as long as it is certain that the risks characteristic of PEPs no longer exist.

Adverse Media, PEP and sanctions screenings

The Company KYC’s all its customers. In addition to the KYC and KYB , the customer is subjected to various screenings like, adverse media, PEP and sanctions on an ongoing basis.

C. Ongoing Monitoring

The Company will verify the identity of users and customers on an ongoing basis, especially if there has been any change in the identification information or their activities are deemed suspicious. Such activities could include, though not limited to, changes in customer information, address, ownership, and activities wherein KYC details will be updated on an ongoing basis. The Company reserves the right to ask such users for updated KYC documents, even if they have been successfully verified in the past. The Company shall conduct periodic review of its client's basis their risk categorization review of its client's basis their risk categorization. The risk levels are: High risk - 1 year and Medium & Low risk - 3 years.

D. Acceptable Sources Of Funds

Source of funds refers to the origin of the funds. It refers to the activity that generated the funds, for example salary payments or sale proceeds, as well as the means through which the customer's or beneficial owner's funds were transferred. Acceptable sources of funds include

  • Salary /Business income;
  • Pension releases;
  • Personal savings from legal sources;
  • Share sales and dividends;
  • Property sales;
  • Inheritances and gifts allowed by law;
  • Tax return receipts and other incomes from government;

E. Transaction Blocking

The Company will prohibit business relationships and occasional transactions with users and customers that fail KYC at any point in time as per the requirements of this Policy

F. Verifying User Identity

The Company will prohibit business relationships and occasional transactions with users and customers that fail KYC at any point in time as per the requirements of this Policy

4. Risk Management

Risk assessment is a process whereby a methodology is maintained to identify and measure the inherent financial crime risk to which the Company is exposed, assess the coverage of controls to mitigate these risks and determine the residual levels. This is done in order to estimate the threat to compliant practices, as the Company provides services to its customers, are calculated; and as may be necessary, eliminated, reduced or controlled. The main purpose of risk assessment is to identify transactions that may threaten to take advantage of compliance vulnerabilities and evaluate the risks presented, to effectively conduct the elimination of such threats.

The Company will follow a risk-based approach to combating money laundering and terrorist financing. This approach applies both to user transactions and company’s customers. By adopting a risk-based approach, the Company will ensure that measures taken are commensurate to the identified risks, thereby enabling efficient allocation of resources. This principle also ensures that the greatest risks receive the highest attention.

The Company’s risk-based approach is based on, but not limited to the following:

  • Monitoring transactions and assigning risk based on multiple parameter such as location, destination, user behavior and value of transactions
  • Bank card verifications to ensure the ownership of card is determined to be to the user before processing transactions
  • Monitoring crypto transactions and assessing risk of dealing with dark net, high money laundering risk counterparties, and likely association with other illegal activities

The risk-based approach will cover all markets where the Company has a business presence.

5. Internal Control

Management is ultimately responsible for ensuring that TransFi maintains an effective AML/KYC internal control structure, including suspicious activity monitoring and reporting. TransFi management follows a culture of compliance to ensure staff adherence to the AML/KYC policies, procedures, and processes. Internal controls are the TransFi’s policies, procedures, and processes designed to limit and control risks and to achieve compliance with relevant rules and regulations. The level of sophistication of the internal controls commensurates with the size, structure, risks and complexity of the TransFi’s operations and lines of business.

6. Transaction Monitoring

Regulations across jurisdictions require the company to monitor and analyse transactions of both individual users and customers. The Company will use a comprehensive approach of transaction monitoring including, but not limited to:

  • screening i.e., monitoring transactions in real-time;
  • monitoring i.e., analyzing transactions later.

The objective of screening is to identify:

  • suspicious and unusual transactions and transaction patterns;
  • transactions exceeding the provided thresholds;
  • politically exposed persons and circumstances regarding international sanctions.

The screening of the transactions is performed automatically and includes the following measures:

  • established thresholds for transactions, depending on the user / customer's risk profile and the estimated transactions turnover declared by the user / customer;
  • the scoring of virtual currency wallets where the virtual currency shall be sent in accordance with the user / customer’s order;
  • the scoring of virtual currency wallets from which the virtual currency is received.

When monitoring transactions the Company will assess transaction with a view to detect activities and transactions that:

  1. deviate from what there is reason to expect based on the due diligence measures performed, the services provided, the information provided by the user / customer and other circumstances (e.g. exceeding estimated transactions turnover, virtual currency sending each time to new virtual currency wallet, volume of transactions exceeding limit);
  2. without deviating according to previous clause, may be assumed to be part of a money laundering or terrorist financing;
  3. may affect the user / customer's risk profile score.

In addition, the Compliance Department shall take any appropriate actions to ensure compliance with laws & regulations including

  • Daily check of users against recognized “blacklists” (e.g. OFAC or any other Specially Designated National (SDN) list as prescribed in other jurisdictions), aggregating transfers by multiple data points, placing users on watch and service denial lists, opening cases for investigation where needed, sending internal communications and filing out statutory reports, if applicable;
  • Regular filing of reports such as Currency Transaction Reports, Filing Suspicious Activity Reports;
  • Requesting users and customers for any additional information and documents in case of suspicious transactions, including suspending or terminating accounts when the company has reasonable suspicion of illegal activity;
  • Maintaining a record of all transactions as required by the respective regulatory authority in their respective countries or for a period dictated by laws and regulations in the jurisdiction which they operate

7. Prohibited Customer Types

The Company shall not establish business relationships or do occasional transactions with customers who pose serious money laundering risks and fall outside the Company's risk appetite. The Company will not under any circumstances accept the following types of customers.

  • Known beneficiaries of Corruptions or Illegal Activities;
  • Shell companies/shell banks;
  • Unregulated casinos or gambling companies;
  • Incomplete or failed KYB (Know your business);
  • Unlicensed money transmitters / payments / financial services companies; and
  • Customers with bearer shares in the ownership structure.
  • Marijuana/cannabis;
  • Guns, Arms and ammunition;
  • Precious metals;
  • Adult content or Pornography
  • Cash Transactions

8. Implementation Of Sanctions

Upon the entry into force, amendment or termination of any sanctions, the Company shall verify whether the customer or User who is planning to have the business relationship or occasional transaction with the Company is a subject of these sanctions. If the Company identifies a such a person or legal entity who is a subject of Sanctions or that the transaction intended or carried out by them is in breach of Sanctions, the Company shall apply Sanctions and immediately inform the relevant regulatory authority thereof.

The Company will use at least one of the following sources (databases) to verify the user / customer's relation to Sanctions:

  1. Comply Advantage watchlists;
  2. Financial sanctions information and search;
  3. Other internal databases or databases managed by third parties, which contain at least the lists from databases specified above.

The watchlists sources include:

  • The Office of Foreign Assets Control (OFAC) Sanctions
  • The United Nations Security Council’s Sanctions list
  • Her Majesty’s (HM) Treasury List
  • The EU Consolidated Sanctions List
  • The EU Most Wanted Warnings
  • The Bureau of Industry and Security
  • The State Department Foreign Terrorist Organizations List and Non Proliferation List
  • US DOJ (FBI, DEA, US Marshals, and others)
  • Interpol’s Most Wanted CBI List (The Central Bureau of Investigation)

The Company shall perform the abovementioned verification on an ongoing basis in the course of an established business relationship. The frequency of the ongoing verifications depends on the risk profile of the user / customer

If the Company has doubts that a person or legal entity is a subject to Sanctions, it shall immediately notify the MLRO. In this case the MLRO shall decide on whether to ask or acquire additional data from the person or notify the regulatory authority immediately of their suspicion.

Below is the list of prohibited jurisdictions for TransFi:

  • Abkhazia
  • Afghanistan
  • Angola
  • Belarus
  • Bosnia and Herzegovina
  • Burma (Myanmar)
  • Burundi
  • Central African Republic
  • Congo
  • Croatia
  • Cuba
  • Democratic Republic of Congo
  • Ethiopia
  • Guinea-Bissau
  • Iran
  • Iraq
  • Kosovo
  • Lebanon
  • Liberia
  • Libya
  • Macedonia (North)
  • Mali
  • Montenegro
  • Nagorno-Karabakh
  • Nicaragua
  • North Korea
  • Northern Cyprus
  • Russia
  • Sahrawi Arab Democratic Republic
  • Serbia
  • Slovenia
  • Somalia
  • Somaliland
  • South Ossetia
  • South Sudan
  • Sudan
  • Syria
  • Ukraine (including Region of Crimea)
  • Venezuela
  • Yemen
  • Zimbabwe

Note: In light of the recent Financial Promotion Regime by the FCA UK in Oct 2023, we have included UK in the Prohibited country list until we comply with the FPR .

9. TransFi Compliance Department

The Company has established a Compliance Department that is headed by a designated Compliance Officer and MLRO, who shall ensure implementation and enforcement of the AML / KYC policy. With support and oversight of transactional and administrative practices, the Compliance Department shall supervise all aspects of the Company’s Anti Money Laundering and counter-Terrorist Financing policies and ensures compliance with laws and regulations.

The scope of Compliance Department’s efforts includes, but not limited to the following:

  • Collect user’s identification information & conduct relevant checks as appropriate;
  • Establish and update internal policies and procedures for the completion, review, submission and retention of all reports and records required under the applicable laws and regulations;
  • Monitor transactions and investigate any significant deviations from normal activity;
  • Implement a records management system for appropriate storage and retrieval of documents, files, forms and logs;
  • Conduct a business risk assessment on a periodic basis; and
  • Provide law enforcement with information as required under the applicable laws and regulations.
AML Officer

The Company has appointed an MLRO who is not operationally involved, but who will monitor and verify the functioning of the Company independently. The MLRO is accountable for the following activities:

  1. produce and when necessary, update the Company's AML policy;
  2. monitor and verify on an ongoing basis that the Company is fulfilling the requirements prescribed by this policy and related documents and according to external laws and regulations
  3. provide the Company's employees and members of the Board with advice and support regarding the rules relating to money laundering and terrorist financing
  4. inform and train the employees of the Company and relevant persons about the rules relating to money laundering and terrorist financing
  5. investigate and register sufficient data on received internal notifications and decide whether the activity can be justified or whether it is suspicious;
  6. file the relevant reports (i.e. UARs, SARs, STRs, etc.) with the appropriate regulatory authorities in accordance with local jurisdictional requirements;
  7. check and regularly assess whether the Company's procedures and guidelines to prevent the use of the business for money laundering or terrorist financing are fit for purpose and effective;
  8. identify the incidents in accordance with the Company's policies and take measures regarding such incidents.

The Company through its MLRO will report to the regulatory authority on the activity or the circumstances that they identify in the course of economic activities and whereby:

  • the characteristics indicate the use of criminal proceeds, or the commission of crimes related to this (this is primarily a report on a suspicious and unusual transaction or activity, i.e. UTR or UAR);
  • in the case of which they suspect or know or the characteristics of which indicate the commission of money laundering or related crimes (this is primarily a report on a transaction or activity whereby money laundering is suspected, i.e., STR or SAR);
  • in the case of which they suspect or know or the characteristics of which indicate the commission of terrorist financing or related crimes (this is primarily a report on a transaction or activity whereby terrorist financing is suspected, i.e., TFR);
  • in the case of which an attempt of the activity or circumstances specified in previous clauses are present.

10. Independent Review

The Company shall engage an independent third-party firm with expertise in antimoney laundering (AML) compliance to conduct a comprehensive review and assessment of the effectiveness of the AML program. The independent review shall include, but not be limited to, an evaluation of the AML policies, procedures, and controls in place to detect and prevent money laundering and terrorist financing activities. The findings and recommendations of the independent review shall be documented in a written report provided to the Board of Directors, detailing any identified deficiencies and proposing remedial actions to address them.

11. Employee Training

Employee training is an essential part of an AML Compliance program. It is crucial to train the employees to improve their skills and comply with regulations and protect the company from criminal attempts.

The Company shall provide effective AML & internal controls training to its employees that will help to identify & prevent money laundering activities, minimize the risk of fines & penalties, and enhance the reputation of the Company. The training will be arranged on a periodic basis for the employees of the Company and members of the Board and documented. In case, an employee comes across a non-compliant situation, he or she is required to bring it to the attention of the Compliance Officer and MLRO (Money laundering reporting officer). They then take the required actions.

If required , the MLRO, who is independent of TransFi to report, prepares and submits a report to the FCIS (Financial Crime Investigation Service), Lithuania,

12. Record Keeping

Record keeping is an integral part of regulatory responsibility. To assist in record keeping the Company shall maintain an employee training log including details of their assessment results, when they were examined, when they were trained, and any reassessment necessary.

AML RECORDS

Where applicable, the following records will be retained by the Company for anti-money laundering purposes:

  1. Identification of users / customers - full details of evidence of identity for no less than five years from the end of the relationship
  2. Transactions – user / customer files containing the full details of the transaction for no less than five years from the date the transaction was completed
  3. Internal and external reporting – full details of action taken by Compliance Department for no less than five years from the creation of the record
  4. Detailed records must be kept no less than five years from the date the transaction or customer relationship ended.

RECORD ACCESSIBILITY

The Company shall maintain systems that ensure records are kept in accordance with regulatory requirements. The Company shall keep records electronically in the operating systems or on specific storage facilities for onsite or offsite storage, or paper based. In any case Company shall ensure that:

  1. Records can be accessed in a reasonable time and at a minimum as required by regulation.
  2. Records are protected against unauthorized access and accidental deletion or destruction, as per Data Protection requirements applicable in different jurisdictions.
  3. Third party providers used for storage of records shall have systems and procedures in place to ensure that records are protected against unauthorized access accidental deletion and securely stored for the required amount of time.

RECORD RETENTION

The overall principles in this respect are the following:

  1. Records verifying identity must be kept for no less than five years after the termination of a customer relationship/agreement.
  2. Records supporting individual transactions must be kept for no less than five years following completion of the transaction.
  3. Records of any report made to the compliance department (whether forwarded further) will be retained as part of the customer records.
  4. Records of customers / users who, according to the company's internal risk assessment pose a higher risk of money laundering and/or terrorist financing, must be kept for no less than ten years after the termination of a customer relationship/agreement.
  5. Records of customers / users with whom business relations or occasional transactions were refused for the reasons of prevention of money laundering and terrorist financing, must be kept for no less than ten years after the termination of the relationship/agreement.

13. Law Enforcement Requests

Government regulators and law enforcement agencies may seek information and records from time to time. Any person associated or connected with our company who receives or is served with a summons, subpoena or court order related to the Company’s business should immediately contact the Company Compliance Department for further assistance.

The Company shall assist entities in their investigations, provided the request(s) is / are conducted in a lawful manner. If a customer or user is subject to an examination by an equivalent regulatory body, the Company shall always comply with the examination process.

For any law enforcement requests, please direct your official document to our Compliance team at compliance@transfi.com

14. Conclusions

The Company is required by policy to operate in a legal and responsible manner. The Company will remain compliant, in all aspects, with all laws, rules, regulations across jurisdictions, as well as extend its full cooperation to law enforcement and regulatory authorities, maintain records, as per regulatory requirements and in accordance with the Company’s policies and procedures.

The Company will not tolerate its reputation to be put in jeopardy.

The Company will make sure that its customers do their part to ensure full compliance with all aspects and the spirit of this policy and support the Company as it strives to maintain its progressive stance in the industry.

The USA Patriot Act requires all financial institutions to develop and implement their own AML program and emphasizes several mandatory checks and screening capabilities. Accordingly, a firm’s USA Patriot Act Anti-Money Laundering program must be built around the following criteria:

  • The Company must develop internal Anti-Money Laundering policies, procedures, and controls;
  • An AML Compliance Officer must be appointed to oversee the Anti-Money Laundering program;
  • Employees must receive ongoing Anti-Money Laundering training; and
  • The Anti-Money Laundering program must be independently audited regularly.

The Financial Action Task Force (FATF) defines UBO as “the natural person(s) who owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.” UBO is defined as the following.

  • Owning >= 25% of share capital;
  • Exercise at least 25% of voting rights;
  • Beneficiaries of at least 25% of an entity’s capital;
  • Persons with power of attorney;
  • Guardians of minors;
  • Corporate directors or nominee directors that are appointed to conceal the true owners of a given firm; and
  • Shareholders, including the holders of bearer shares that may be transferred anonymously.
Transfi Logo
Borderless Payments, Boundless Potential — Try out and be a part of the global payment revolution today!
Rating of Transfi - Excellent on Trustpilot
Star to show our rating on Trustpilot
Star to show our rating on Trustpilot
Star to show our rating on Trustpilot
Star to show our rating on Trustpilot
Star to show our rating on Trustpilot
Excellent
English (US)

Subscribe to newsletter

Thank you! Your submission
has been received!
Oops! Something went wrong while submitting the form.

Follow us

Linkedin IconTwitter IconTelegram IconInstagram IconInstagram IconInstagram Icon
Services are provided by Trans-Fi UAB (registration no. 306117433) with an address at Lvivo st. 21A, LT – 09313, Vilnius, Lithuania (Flow business center, 2nd floor, Workland). Lithuania operating under virtual asset service provider licenses issued by Financial Crime Investigation Service of Lithuania.
Copyright ©2025 Trans-Fi UAB | All Rights Reserved
Buy & Sell Digital Assets
|
Policies
|
Contact Sales