Policy for the prevention of Money laundering and Terrorist financing

CONTENTS
1. General provision
2. Definitions
3. Standard procedure for customer identification and verification
4. Simplified and enhanced due diligence procedure
5. Data collection and record keeping
6. Risk assessment
7. Interaction with the client
8. Monitoring of business relations
9. Understanding the client’s risk profile and the risks associated with new and existing
technologies.
10. Decision making
11. Risk
12. International Sanctions
13. Procedure for reporting suspicious and unusual transactions
14. Person responsible for the fulfillment of AML/CFT obligations
15. Rules for internal control
16. Training of employees
17. Violation of the obligation to register information and keep documentation
18. Outsourcing
19. Requests from responsible authorities

Approved by the Management on 26.02.2024


1. General provision

1.1. This procedural rule sets out the internal security measures for carrying out due
diligence and detection of suspicious and unusual transactions in all areas of activity of
Global Performance Group LTD (” Company “).
1.2. All relevant staff must be aware of and comply with the requirements set out in the Anti-Money Laundering Measures Act (AMLA), guidance on the characteristics of suspicious transactions likely to involve money laundering and terrorist financing, other guidelines for complying with the provisions of the Measures Against the Financing of Terrorism Act and Implementing Regulation of the Act on Measures against Money Laundering and Anty- Money Laundering Measures Act relating to the Company’s activities, Directive (EU) 2015/849 of the European Parliament and of the Council of May
20, 2015, to prevent the use of the financial system for the purposes of money laundering and financing of terrorism; The recommendations of FATF, the Council of Europe Convention on Money Laundering, Tracing, Seizure and Confiscation of the Proceeds of Crime and the Financing of Terrorism (CETS 198), signed in Warsaw on 16.05.2005, the so-called Warsaw Convention; as well as this By-law.
1.3. All relevant staff should be kept up to date with any changes in legislation
1.4. A copy of this procedural rule is available to all relevant employees. This guide sets out the necessary approach to customer due diligence (“CDD”) procedures in Global Performance Group LTD which must be followed when it undertakes an interaction with a customer and customer entities. These procedures
seek to ensure that comprehensive identification information is available about the persons and individuals with whom The Company conducts business as one measure in combating money laundering and terrorist financing. The Company will apply a riskbased policy for determining the extent of CDD measures to apply in any given situation.
This means that The Company must assess the risks of money laundering and terrorist
financing relevant to its business operations. The Company must determine the highrisk activities/business to which it may be exposed, taking into consideration factors
such as:
– the type of customer;
– the type of products/services/transactions the customer is using or conducting;
– the geographical areas of the customer’s operations;
– the amounts


2. Definitions

2.1. What is money laundering?
2.1.1. Conversion or transfer of property obtained from criminal activity or acquired property in lieu of such property, knowing that such property was obtained by criminal activity, or from an act of engaging in such activity for the purpose of concealment or concealment of the illegal origin of the property or assistance to any person involved in carrying out of such activity to avoid the legal consequences of such person’s actions.
2.1.2. The acquisition, possession, or use of property derived from criminal activity, or property received in lieu of such property, knowing at the time of receipt that such
property arises from criminal activity or from an act of participation in it.
2.1.3. Concealing or disguising the true nature, source, location, disposition, movement, rights, or ownership of property derived from criminal activity or property received in lieu of such property, knowing that such property is derivative from criminal activity or from
an act of participation in such activity.
2.2. What is terrorist financing? The distribution or raising of funds to plan or carry out acts that are considered to be terrorism or to finance the operations of terrorist organizations, or with the knowledge that the funds granted or raised will be used for the aforementioned purposes.
2.3. What is a risk country? Countries or regions of interest where the risk of money laundering or terrorism is high. A risk country is a country or jurisdiction that:
1. According to reliable sources such as peer reviews, detailed evaluation reports or published follow-up reports, has not established effective anti-money laundering
and systems for combating the financing of terrorism ( AML/CFT ).
2. According to credible sources, there are significant levels of corruption or other criminal activity.
3. Subject to sanctions, embargoes, or similar measures issued for example by the European Union or America (OFAC).
4. Provides financing or support for terrorist activities or has designated terrorist organizations operating in their country as indicated by the European Union or America (OFAC).
2.4. What is a high-risk country? The country referred to in a delegated act adopted on the basis of Article 9(2) of Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. The current list is available here:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32016R1675
2.5. Who is a Politically Exposed Person (PEP)?
A natural person who performs or has performed prominent public functions, as well as
their family members and close associates. However, persons who on the date of
conclusion of the transaction have not performed prominent public functions at least one
year before, as well as their family members or close associates are not considered
politically exposed persons.
1. For the purposes of these procedural rules, the following persons are persons
performing prominent public functions:
a) state, head of government, minister, and deputy or assistant minister;
b) a member of parliament or a similar legislative body, a member of a governing body
of a political party, a member of the Supreme Court, a member of the Audit Chamber, or on the board of a central bank;
(c) an ambassador, chargé d’affaires, or high-ranking officer in the armed forces;
d) a member of an administrative, management, or supervisory body of state property enterprise;
(e) a director, deputy director or board member, or equivalent position of an international
organization, excluding middle-ranking or lower officials.
2. The following persons are considered family members of a prominent person public functions:
(a) the spouse or a person considered equivalent to a spouse, of a political prominent person or local political figure;
b) a child and his spouse or a person considered equivalent to a spouse, of a politically exposed person or a domestic politically exposed person;
c) a parent of a politically prominent person or a local political figure.
3. The following persons are considered close associates of a prominent person public functions:
a) a natural person known to be a beneficiary or to have a joint beneficiary ownership of a legal entity or legal arrangement, or other related business connections with a politically significant person or a local political figure;
b) a natural person who is the owner of a legal entity known to have been created for the actual benefit of a political famous person or local politician.
4. Local politically significant persons are:
a) a person who is or has been entrusted with prominent public functions in the country in which the license is applied,
b) a person who is or has been entrusted with prominent public functions in another
contracting state of the European Economic Area or in an institution of the European
Union.
2.6. What is the Anti-Money Laundering Measures Act (AMLA)? The legal act regulates the activity of credit and financial institutions, other enterprises, and institutions.
2.7. What is the Law on Measures Against the Financing of Terrorism? This law defines the measures against the financing of terrorism, as well as the order and control of their implementation. The objectives of this law are the prevention and detection of actions of individuals, legal entities, groups, and organizations aimed at financing terrorism.
2.8. Who is the company’s customer? A natural or legal person who uses or has used one or more services offered by the  Company. The company restricts any countries subject to EU and US sanctions. The company does not conduct business or offer services to citizens or within the territories of the USA and UK. If a client attempts to access the system using a VPN and enters personal data from countries subject to automatic IP blocking, the responsible employee must decline approval of the client’s KYC document.
2.9. Who is a suitable employee? A person who conducts KYC/AML/CFT measures in the Company regarding the client.
2.10. What is a business relationship? For the purposes of this procedural rule, a business relationship is an ongoing contractual relationship with a customer.
2.11. What is Transaction Monitoring? Any monitoring and investigation of transactions conducted by an employee for a customer.
2.12. Who is the ultimate beneficial owner of a legal entity Ultimate Beneficial Owner (UBO)? The ultimate beneficial owner refers to the individual(s) who ultimately owns or controls the customer and/or the natural person on whose behalf the transaction is carried out. It also includes those who exercise ultimate effective control over a legal entity or arrangement. References to “ultimately own or control” and “ultimate effective control” refer to situations where ownership/control is exercised through a chain of ownership or by means of control other than direct control. This definition should also apply to the owner or beneficiary of a life insurance policy or other investment-linked insurance policy. A UBO is a private entity that owns or controls more than 25% of the legal entity.


3. Standard procedure for customer identification and verification

3.1. The relevant employee must identify all customers who wish to use the Company’s services based on identity documents and must record the identification and transaction information, regardless of whether the customer is a regular customer or not.
3.2. The person must be identified:
a) before establishing business relations;
b) in case of suspicious customer behavior;
c) when verifying the information or in case of doubt as to the sufficiency or the reliability of the documents or data collected when updating the customer data.
3.3. If the customer is a natural person, he must provide:
a) your full name;
b) their PIN or, if there is none, the date and place of birth and
address ;
c) if the customer actually represents another private person who is the real customer (by power of attorney, by inheritance, or otherwise) it is necessary to collect information regarding the identification and verification of the right of representation and its scope and, where the right of representation does not derive from the law, name of the document that served as the basis for the right of representation, date of the issue and the name of the issuer;
3.4. Identification documents that do not bear photographs or signatures are not considered appropriate evidence of identity. Reasonable measures should be taken to identify, verify, and record the identity of the ultimate beneficial owner( UBO) if the customer is a business entity. All transactions undertaken through the course of the business relationship will be closely monitored, to ensure that the transactions being conducted are consistent with the Company’s knowledge of the client, their business, and risk profile including, where necessary, the source of funds. Generally, the identification documents should be originals in color. However, where it is impractical or
impossible to obtain sight of original documents for identification purposes, a copy is
acceptable if:
i. it has been certified by a suitable certifier as being a true copy of the original
document and that the photograph is a true likeness of the client;
ii. the certifier signs the copy document (printing his name clearly underneath)
and has also clearly indicated his position or capacity, together with a contact
address and telephone number; and
iii. the certifier produces his original Identification documents. It should be a
colored copy.
The following valid color copies of documents serve as a basis for identification:
a) identity card;
b) passport;
c) diplomatic passport;
d) identity card of a citizen of the European Union;
e) driver’s license with license, if the document shows the name, photo, or image of the person, image of signature and date of birth, and personal identification code of its holder.
f) Certificate of permanent address not older than 3 months. (bank account statement, utility bills such as electricity, water, heating, etc.)
g) Verification takes place on the basis of two different identification documents.
3.5. When identifying a person, the relevant employee is obliged to check the validity of an identity document. The employee must also make sure that the person is, in fact, the one presented with the document. To estimate the age of the person. In case of doubt as to the identity of the person, the relevant officer is obliged to request additional information about the person. When sending a document that does not match the person or is invalid, the relevant officer must refuse the customer registration and notify the relevant Compliance Officer. In the event that the document indicating the address is older than 3 months, the employee must refuse to register the client until an up-to-date address is provided.
3.6. The relevant employee verifies the correctness of the customer data, using information from a reliable and independent source for this purpose. Check whether the identified person has a valid document specified in section 3.4 or an equivalent document. Check if the person is identified and if the identifying information is verified. The customer is considered identified if he has provided identification data and it is sufficient to verify the customer’s identity in an irrefutable way. (for example, using specific KYC software). The client is considered verified and the person’s identity is verified based on collected documents or funds of electronic identification in which the validity of the document appears from electronic means or manually.
3.7. If the client is a legal entity (for example, a company), it must provide:
a) the name or company name of the legal entity;
b) registration code or registration number and date of registration;
c) the names of the director, members of the management board, or other substitute body the management board and their authorization to represent the legal entities face;
d) details of the contact information of the legal entity, state of registration, and activity
e) main activity of the legal entity
f) amount of monthly turnover
8. The relevant official identifies a legal entity based on the provided identification data and a check in the relevant trade register if it is public and/or has access to such information through means of electronic identification such as KYC software. In the event that he cannot verify the identification data in the above ways, the employee requires company documents such as:
A certificate of registration. Incorporation act, Certificate of good standing, or other document certifying the collected identification data. In situations where the relevant employee cannot obtain satisfactory evidence of the identity of the Customer, he should :
i. Not carry out the transaction for the customer (one‐off transaction )
ii. Not establish a business relationship (new business)
iii. Discontinue the business relationship (existing business) AND report the matter
to the Compliance Officer.
3.9. The concerned officer should identify the beneficial owners of the capital (UBO) for
the purpose of verifying their identity and taking measures to ensure that he/she knows
who the beneficial owners are and understands ownership and the control structure of
the client and/or the person involved in the transaction.
3.10. The relevant officer verifies the correctness of the information of a legal entity by
using information originating from a reliable and independent source for this purpose.
When the concerned officer is able to verify the information through such direct access,
the submission of the documents specified in section 3.8 need not be requested from
the customer.
3.11. If the customer is a foreign legal entity (for example, a company), it must provide, in addition to the information in section 3.7, a Certificate of Registration or similar constituent document, depending on the country of origin. The document should be
notarized and/or legalized and/or certified with an apostille unless otherwise stipulated in an international agreement.
3.12. A representative of a legal entity of a foreign country must at the request of the relevant employee, for example, when the right of representation does not appear in the representation document/s, to present a document certifying his authority (power of attorney) which is certified by a notary and/or legalized and/or certified with an apostille, unless otherwise provided in an international agreement.
3.13. The relevant employee may request additional information about the customer ifthere is any suspicion about the customer’s identity or behavior. Such additional information must be commensurate with the increased risk and, when received, must explain the observed risk.
3.14. The relevant officer, when serving customers under the relevant licenses, shall
apply the law applicable to the license.


4. Simplified and in-depth (CDD, ECDD) due diligence procedure

4.1. The company may apply simplified due diligence measures if the customer is:
a) A company registered on a regulated market, which is obliged to disclose certain information in accordance with the law of the European Union;
b) public legal entity;
c) a state body or other body performing public functions in a contracting state of the European Economic Area;
d) body of the European Union;
e) a credit institution or financial institution acting on your behalf, located in a country of the European Economic Area or in a third country with the same requirements, whose implementation is subject to state supervision.
4.2. When identifying and verifying such a customer, the following circumstances are taken into account:
Criteria indicating a low level of risk:
a) the customer can be identified based on publicly available information;
b) the client’s ownership and control structure is transparent and permanent;
c) the customer’s operations and their accounting or payment policies are transparent;
d) the customer is reported to and controlled by an executive authority or a public authority in a country of the European Economic Area or an authority of the European Union.
4.3. The officer concerned should undertake Enhanced Due Diligence (EDD) if any higher money laundering or terrorist financing risk such as:
a) there are doubts about the accuracy of the data provided, the authenticity of documents or identification of the beneficial owner;
b) the client is a politically exposed person ( PEP );
c) the customer is from a high-risk third country or its place of residence or registered office or the registered office of the payee’s payment service provider is in a high-risk third country;
d) the customer is from a risky country or from a territory that is considered offshore.
4.4. Other factors that relate to a higher risk for the client:
a) When there are unusual factors in the onboarding of the customer or when there are unusual transaction patterns without a clear economic or legal purpose;
b) The Client is a legal entity or a legal entity that is a Holding or a Joint Venture (JV)
c) The customer is a cash-intensive business (gambling, payment provider,cryptoassets, restaurant, night club, etc.) ;
d) The client is a company whose owners appear to be persons employed under
fiduciary agreements (often lawyers) or whose related companies are owned by persons
employed under such agreements
e) The ownership structure of the client company appears unusual or excessively complex, given the nature of the company’s activities.
4.5. Other factors that relate to a higher risk associated with the product, service, transaction, or shipping method :
a) Products /services that favor anonymity;
b) Payments received from unknown or unrelated third parties;
c) new products and new business practices, including a new delivery mechanism, and the use of new or emerging technologies for both new and existing products.
4.6. The relevant officer must identify what the risks are in each particular case and take action on any appropriate measures to mitigate these risks. As the case may be, the relevant official may apply one or more of the following due diligence measures:
a) verification of additional information provided when identifying the person based on additional documents, data, or information originating from reliable and independent sources;
b) collecting additional information about the purpose and nature of the business
relationship, transaction or operation and verify the information provided based on additional documents, data, or information that originates from a reliable and independent source;
c) collection of additional information and documents regarding the actual implementation of transactions carried out in the business relationship to exclude
appearances of transactions;
d) collection of additional information and documents for the purpose of identification of source and origin of the funds used in a transaction carried out in the business relationship, in order to exclude the appearance of transactions;
e) making the first payment related to a transaction through an account that was opened in the name of the client participating in the transaction in a credit institution registered or with a place of business in the European Economic Area or in a country where the requirements are equal to those of Directive (EU) 2015/849 of of the European Parliament and are in force;
4.7. The relevant officer, when serving customers under the relevant licenses, should apply the law under the license.


5. Data Collection and Record Keeping

5.1. The Company undertakes to keep all records of the Client and the conduct of the Clients in such a way that it can always be presented to inspectors checking recorded and e-transactions.
5.2. The official concerned shall state his name and, if the document is on paper, his or her signature at the end of each entry.
5.3. The Compliance officer is responsible for storing all relevant data.
5.4. Customer’s personal data, customer transaction, and other relevant information must be kept for no less than 5 years after the termination of the business relationship.
5.5. If the customer does not provide all the necessary documents and relevant information, or if based on the documents provided, the relevant officer suspects money laundering or that terrorist financing may be involved, the relevant officer should not onboard such a client, or if the suspicion is subsequently raised, should not allow the transaction to take place. The employee must inform the Compliance officer and record and transmit as many details as possible about the suspicious customer and/or transaction.
5.6. The relevant employee, when serving customers under the relevant licenses, follows the law under that license.
5.7. Global Performance Group LLC is required, under Article 68(9) of MiCA, to maintain records that are comprehensive enough to enable competent authorities to carry out their supervisory tasks and enforcement measures. This includes the verification of compliance by the crypto-asset service provider with all obligations, especially those related to clients or prospective clients, and the market’s integrity. In that regard, the record-keeping policy has been formulated in alignment with the mandate for CASPs to maintain comprehensive records of all crypto-asset services, activities, orders, and transactions conducted by them. Global Performance Group LLC is obligated to furnish the policy to both competent authorities and clients upon request.


6. Risk assessment

6.1. When serving customers under the relevant licenses, the relevant employee should comply with the law applicable to the license.
6.2. The relevant officer shall analyze the client and his/her behavior on the basis of the data and observations provided and shall undertake an investigation in which he/she shall invest efforts proportionate to the risk and complexity of the case.
6.3. If the relevant officer identifies additional risks, he will need to conduct an investigation and study to understand these risks in the context of the case.
6.4. If the Relevant Officer identifies additional risks, he will need to collect additional evidence to support his opinion and identify any additional risks.
6.5. The following questions can help determine whether a transaction is suspicious or not and whether there is a risk of money laundering or terrorist financing:
a) Is the transaction or pattern of transactions inconsistent with the customer’s business?
b) Whether the amount of the transaction is inconsistent with the customer’s normal activities as determined at the initial identification stage?
c) Are there other transactions related to the transaction in question for which The company is aware and may intend to hide money and divert it in other forms to other destinations or beneficiaries.
d) Is the transaction rationale for the customer?
e) Has the customer’s transaction pattern changed?
f) Is the payment method proposed by the customer unusual in the context of the services provided by the Company?
6.6. To identify, understand, and assess the risks of money laundering and terrorist financing in its activities, Global Performance Group Ltd. carries out a Risk Assessment in accordance with Art. 98 of the ZMIP, taking into account the risk factors related to its activity, including those related to customers, countries or geographical areas, the products and services offered, the operations and transactions performed, and/or the delivery mechanisms.
6.7. The Risk assessment is updated at least once every two years, unless the normative acts, the national Risk assessment under Art. 95, para. 1 of ZMIP (“National Risk Assessment”) and the supranational Risk assessment and recommendations of the European Commission under Art. 95, para. 2 of the ZMIP (“Supranational risk assessment”), instructions and recommendations of competent authorities or significant changes in the risk factors related to the activity do not require an earlier update.
6.8. When preparing and updating the Risk Assessment, the Global Performance Group LTD takes into account and reflects the results of the National Risk assessment under Art. 95, para. 1 of the ZMIP, as well as the results of the supranational Risk assessment and the recommendations of the European Commission under Art. 95, paragraph 2 of the ZMIP, as well as the sector assessment for crypto-assets.
6.9. The Risk assessment is carried out by the Head of the “Regulatory Compliance and Internal Audit” department (external consulting company for Global Performance Group Ltd.).When preparing a Risk Assessment, following the obligations under Art. 99 of the ZMIP, Global Performance Group Ltd. should take into account and comply with the results of the Supranational Risk Assessment (“NRA”) and National Risk Assessment
(“NRA”). It also complies with the Risk Events and Summary Risk Events Matrix for Money Laundering and Terrorist Financing in the crypto-assets sector.
6.10. Global Performance Group Ltd. notifies its employees of the results of the prepared Risk assessment no later than 30 days after the preparation and, if necessary, conducts training related to the implementation of certain measures to reduce the identified risks.


7. Interaction with the client

7.1. The relevant employee may contact the customer to clarify the information provided or requested or to request additional information that is necessary to identify the customer or to address identified risks.
7.2. The officer concerned should not request unnecessary or irrelevant information. The request for additional information should be related to the risks of the case and after receiving the customer’s response, the relevant employee may close the case or report the case to the Compliance Officer. If the risk of money laundering or terrorist financing is very high, the relevant official reports the case to the Compliance Officer without requesting further information from the client.
7.3. The employee concerned should never express himself in words that give a reason for the customer to understand that his/her activity is suspicious and may be subject to further discussion and report no to the Compliance Officer.


8. Monitoring of business relations

8.1. Transaction monitoring will be initiated based on customer behavior triggers or manually by the concerned officer or the compliance officer. A relevant officer
should investigate each case initiated.
8.2. The relevant employee cannot work on the case if the client in question is nearby person of that relevant employee or customer who is in any other way connected with him.
8.3. The relevant officer must assess the risks of the case. Every risk should be addressed and documented.
8.4. The concerned officer should conduct a customer survey to determine the customer profile and to identify the source and origin of the funds used in a transaction.
8.5. The concerned officer should carry out a survey of all counterparties if applicable for the case.
8.6. The appropriate officer must document all findings regarding the customer and the customer’s conduct that support the appropriate officer’s decision to close or escalate the case to the Compliance Officer.
8.7. The relevant officer, when serving customers under the relevant licenses, follows the applicable license right.


9. Understanding the client’s risk profile and the risks associated with new and existing technologies

9.1. During the monitoring of the business relationship, the relevant officer should collect and report evidence of risk mitigation, if any. For this reason, the relevant employee should study and use the following information:
a) Source of origin or source of financing of the transaction (employment status, role or position in a company, employer, approximate salary, additional source of income, type of industry, etc.);
b) age of the client;
c) Location of the customer and the customer’s counterparties;
d) Customer’s transaction history;
e) the type of transactions;
f ) any negative information related to the customer;
g ) All factors that cause the client to be considered high risk;
h) The relationship between the customer and the customer’s counterparties;
i)The relationship between the customer and the customer’s place of residence.
j) Other information that helps to understand the customer, the customer’s activity, and its counterparties.
9.2. The concerned employee should always be aware that new, existing, and emerging technologies may enable the customer to hide their true identity or commit fraud. Therefore, the relevant employee assesses the risk of new and emerging technologies and addresses it within the customer onboarding process and within transaction monitoring.
9.3. In response to remote work and telecommuting, the Company recognizes an elevated risk of cybersecurity events. To address this concern, Global Performance Group LTD are steadfast in its commitment to proactive surveillance and the implementation of strategic measures aimed at reducing the vulnerability to cyber threats. The detailed actions taken by the company are outlined thoroughly in its Business Continuity Policy and Plan.
9.4. The relevant officer, when serving customers under the relevant licenses, follows the law applicable to the license.


10. Decision-Making

10.1. After each review of the case, the relevant officer will make a final decision whether to report it to the Compliance officer or close the case accordingly based on the evidence gathered on the case and present a final conclusion that supports the decision reached.
10.2. When making a final decision, the relevant employee must:
a) Complete the research about the customer, the behavior of the customer, and of the customer’s counterparties:
b) Understand the collected evidence and search for indications of unusual activities;
(c) Consider each piece of evidence separately and consider all pieces of evidence
jointly;
d) If two pieces of evidence contradict each other, consider them together;
e) Determine which evidence has the greatest impact on his analysis;
f) Identify any evidence that has the least impact on the ng analysis;
g) Determine which theory is most strongly supported by the evidence.
10.3. The relevant officer, when serving customers under the relevant licenses, follows applicable law.


11. Claim

11.1. The relevant officer checks whether the customer is a politically exposed person (PEP), a family member of the PEP or a person known to be closely associated with the PEP.
11.2. The relevant officer should refuse to include the customer or, if there is already an account to refuse to open, block the account and report to the Compliance officer in case the relevant officer also finds that:
a) the customer is a PEP;
b) the customer accesses the service from a high-risk country that is high-risk and/or is
a citizen of that country;
c) the customer is under sanctions in the European Union or the USA;
d) the client is known to be accused of money laundering or terrorist financing;


12. International Sanctions

12.1. The relevant officer checks whether each customer is subject to international
sanctions. The screening should be done during the onboarding process and regularly
thereafter. If the concerned officer has doubts about the customer, the relevant officer
should consult with the Compliance officer.
12.2. At the direction of the Compliance Officer, the relevant officer may request additional information from the customer.
12.3. The customer will not be informed that he is being checked by a list of internationally sanctioned persons and/or companies.
12.4. The relevant official can check the list of persons under international sanctions below :
https://sanctionssearch.ofac.treas.gov/
12.5. For each individual customer check, the following information is recorded:
(a) Inspection time;
b) name of the relevant official who performed the inspection;
c) Results of the inspection;
d) Measures taken.
12.6. If the relevant officer identifies a customer who is subject to international sanctions, the relevant officer must inform the Compliance Officer. If the Compliance Officer agrees the compliance officer notifies the management board of the results.


13. Procedure for reporting suspicious and unusual transactions

13.1. The Company has in place monitoring systems to ensure that business transactions are not carried out:
i. Where satisfactory evidence of identity has not been obtained
ii. With shell banks
iii. With anonymous accounts
iv. For Persons from countries that have been placed on FATF’s list of “NonCooperative Countries or Territories”.
v. For Persons designated as terrorist entities by the Security Council of the United Nations (“the UN List”).
If the relevant officer has a suspicion that he may be dealing with a suspicious and/ or unusual transaction, the employee should immediately report it to the Compliance Officer. The “Financial Intelligence” Directorate of the State Agency “National Security” shall be notified of any cash payment of a value exceeding BGN 30,000 or its equivalent in foreign currency, made by or to their client within the framework of the established relationship or in case of random transactions or operations “.
13.2. The relevant employee has no right to notify the customer of the fact that the
customer
has been reported to the Compliance Officer.
13.3. In case of doubt, the relevant officer should inform the Compliance Officer by filling out the special notification form or by e-mail. The Compliance Officer must review each report to determine whether it gives rise to suspicion. Where such suspicion is confirmed, the suspicious transaction report made by the compliance officer should be sent to the responsible authorities.
13.4. The relevant employee must report to the Compliance Officer when he or she detects suspicious customer behavior related to money laundering, including but not limited to cases where:
a) The customer makes transfers to other persons in different countries, which do not correspond to the usual activities of the person;
b) The customer informs that the funds will be withdrawn by a third party acting on his behalf and at his expense;
c) The customer’s profile does not correspond to the nature of the executed transaction from him/her.
13.5. In the case of suspected terrorist financing, the relevant officer must identify the risk associated with the client and report to the compliance officer if the risks cannot be reasonably explained.
13.6. Terrorist financing risks include, but are not limited to:
a) The individual was born in a high-risk country;
b) The person is a citizen of a high-risk country;
c) The natural person has a place of residence in a high-risk country or the legal person is registered in a high-risk country;
d) The natural person is related to a legal entity or other entity registered in high-risk country.


14. A person who is responsible for the fulfillment of the obligations under the Anti-Money Laundering Measures Act (AMLA)

14.1. The designated member of the management board is responsible for compliance with Anti-Money Laundering Act, and relevant guidelines.
14.2. The Board of Directors may appoint a Compliance Officer. The Board of Directors shall coordinate the appointment of a compliance officer with the responsible authority as deemed necessary.
14.3. A Compliance officer is a person who acts as a contact person with the responsible authorities. He is a person who ensures compliance with the measures put in place to prevent money laundering and terrorist financing within the company.
14.4. The Compliance officer has the following duties:
a) Verification of compliance with anti-money laundering requirements and conducting employee training.
b) Performing a preliminary analysis of suspicious transaction reports and deciding whether or not to refer a report to the responsible authorities.
c) Sending information to the responsible authorities in the case of a suspected money laundering and responding to inquiries and orders made by the responsible authorities.
d) Collection of information received by employees as suspicious and/or unusual actions, processing such information, and keeping records as prescribed procedure.
e) Written notification to the management board of problems arising in compliance with this internal procedural rule, instructions, and other legal acts and periodic submission of written opinions on compliance with the resulting requirements from the Anti-Money Laundering Measures Act (AMLA).
14.5. Rights of the Compliance Officer:
a) Preparation of proposals to amend this procedural rule, anti-money laundering policy, and other Company policies that are related to the fight against money laundering and preventing the financing of terrorism;
b) Monitoring of the activities of employees in the implementation of prevention measures money laundering and terrorist financing.
c) Obtaining data and information necessary to fulfill the duties of the Compliance Officer.
d) Preparation of proposals for reorganizing the process of submitting notifications for suspicious and unusual transactions.
e) Receiving training in the field.
14.6. The Compliance Officer may send the information or data that has become known to him in relation to suspected money laundering only for:
a) The Management Board of the Company or a specially appointed employee by the management board.
b) The relevant bodies, namely the Financial Intelligence Directorate of the National
Security State Agency – https://www.dans.bg/
c) authority of the preliminary investigation in criminal proceedings;
d) The court based on a court order or sentence.
14.7. In case of reasonable suspicion of money laundering or terrorist financing, the compliance officer must immediately report this to the appropriate authority.
14.9. The customer will never be notified of alerts sent about him to the relevant authority
14.10. If the activities of a client are not, in accordance with these procedural rules, completely classified as reportable activities, all future activities of such a client will be subject to increased scrutiny. If there are reasonable doubts about the client’s behavior, the relevant authority is immediately notified.
14.11. No company, employee, Compliance officer, or other person acting on behalf of the Company shall be liable for any damages that may arise from non-completion or late completion of a transaction incurred by the customer due to suspicion of terrorist financing or money laundering that has been reported in good faith to the responsible authority
14.12. The reporting and submission of relevant information shall not be considered a breach of the statutory or contractual duty of confidentiality, and such persons shall have no statutory or contractual responsibility to disclose such material information.


15. Internal control rules

15.1. The Compliance Officer is responsible for verifying the work performed by the relevant employee.
15.2. The Compliance Officer reviews the performance of the relevant employee on a quarterly basis in accordance with the following criteria:
a) the work of the relevant employee does not contradict this regulation;
b) the relevant employee has done sufficient research on the client;
c) the relevant employee has documented all evidence for the client;
d) the relevant official made a decision based on the collected evidence and the solution is documented.
15.3. The relevant employee may receive a low-performance rating from the Compliance officer if the relevant employee continuously violates the criteria specified in 14.2. In case the quality of the employee’s performance has not improved after the first notice, this may lead to an extraordinary unilateral termination of the contract.


16. Training of employees

16.1. The Compliance Officer or other anti-money laundering expert will perform training on the prevention of money laundering and the financing of terrorism for employees of the Company.
16.2. The Compliance Officer is responsible for conducting regular training. Any relevant employee confirms their participation with their signature. It is recommended to organize training if necessary, but not less often than once a year.
16.3. The Compliance Officer is required to provide instructions and induction training to all new concerned officers under the prescribed procedure after the signing of the employment contract no later than one week after starting work by the relevant employee and familiarize the new relevant employee with this Procedure and Rules against signature.
16.4. The Compliance officer has the right to make proposals to the management board regarding what training should be done.
16.5. The Compliance officer should consider the need for some staff to undergo training of a more technical nature to ensure that they are able to interpret the outcomes
of the monitoring systems used by the firm, in particular, where advanced analytics tools
are used.


17. Breach of duty to register information and keep records
17.1. Any violation of the obligation to register information and keep records as prescribed for them in the applicable laws is subject to disciplinary punishment
according to the law.
18. Outsourcing
18.1. Assignment of obligations under these Rules is permitted only with a corresponding decision by the management board. The assignment of external contractors is allowed only to those who implement measures similar to those provided for in this procedure and the applicable law. The Outsourcing Policy of Global
Performance Group LLC provides a comprehensive and detailed explanation of the outsourcing process.
19. Requests from the responsible authority
19.1. At the request of a supervisory officer of the responsible authority ( Employees of the Directorate “Financial Intelligence” of the State Agency “National Security”) all necessary documents and information should be immediately provided to inspectors.