Anti-Money Laundering (AML)
and Counter-Terrorism Financing (CTF) policy

CONTENT

Section 1. General information

Section 2. Compliance

Section 3. Customer Due Diligence (CDD)

Section 4. Final Provisions

Section 1. General information

1. Introduction

Purpose
This Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) policy outlines the measures and procedures implemented by CoinsAU (the “Company” or “we”) to prevent and detect activities associated with money laundering and terrorism financing. The company has implemented this Policy to fulfill its responsibilities under the Act and Rules as a company providing designated services. The Director(s) and Senior Management have officially approved and adopted this Policy.
This policy applies to all employees, contractors, and users of CoinsAU involved in cryptocurrency trading and related activities.

2. Legal and Regulatory Compliance

Australian Legislation
CoinsAU is committed to complying with the relevant AML/CTF laws and regulations in Australia, including but not limited to:

Regulatory Reporting
CoinsAU will promptly report any suspicious transactions to the Australian Transaction Reports and Analysis Centre (AUSTRAC) as required by law.

3. Key Definitions

Section 2. Compliance

4. Role and Responsibilities - Director(s)/Senior Management

The Director(s)/Senior Management hold the following roles and responsibilities:

These tasks may be accomplished through:

5. Role and Responsibilities - Compliance Officer

The Compliance Officer, appointed by the Director(s)/Senior Management, holds the following key responsibilities:

Overall Compliance:

Reporting to Director(s)/Senior Management:

ML/TF Risk Assessments:

Suspicious Matters:

Risk Awareness Training:

Determination of Reliable and Independent Documentation/Electronic Data:

6. General overview related to AUSTRAC Reporting

The Company bears the following reporting obligations:

Registration as a DCE and Renewal of DCE Registration:

AML/CTF Compliance Report:

Changes to Enrolment Details:

Suspicious Matters:

The Compliance Officer is tasked with ensuring the Company adheres to the above registration and reporting obligations. Additionally, any serious non-compliance with these reporting obligations must be promptly notified to AUSTRAC. The Compliance Officer serves as the nominated contact officer for interactions with AUSTRAC.

7. Suspicious Matter Reporting (SMR)

All employees are required to promptly inform the Compliance Officer of any suspicious matter. A suspicious matter arises when there are reasonable grounds to suspect that:

Examples of potentially suspicious matters include doubts about a customer's identity, requests for uneconomic transactions, engagement in tax evasion, significant unexplained wealth, unusually complex structures, unusual payments/transfers, customers from high-risk countries, or funds from unknown or illegal sources.

Employees are prohibited from discussing potentially suspicious matters with anyone other than the Compliance Officer. The Compliance Officer is also restricted from informing others about the activity or the SMR.

Steps on Receiving Notification of Suspicious Matter:

Upon notification of a suspicious matter, the Compliance Officer will investigate by gathering background information from the reporting employee. If the Compliance Officer forms a reasonable suspicion:

If needed, the Compliance Officer will consult with AUSTRAC and relevant enforcement agencies to determine the best course of action regarding a customer with a lodged SMR. Employees and the Compliance Officer must not disclose information about a suspicious matter to anyone (other than AUSTRAC), except to a lawyer for legal advice. The Compliance Officer will determine whether to provide or cease designated services to a customer based on the suspicion. Enhanced Customer Due Diligence is required for irregular customer behavior to decide if it is truly suspicious and reportable.

8. Risk Assessment

The Company must have procedures in place to identify, mitigate and manage the ML/TF risks that it may face in providing designated services. To meet these obligations, the Company has adopted a risk-based approach.

In adopting a risk-based approach, the Company has:

The Company's risk-based approach uses an internal methodology to measure risks based on likelihood and consequence, having regard to the Company's knowledge of its customers, products and limited delivery channels. The Company has considered the following key ML/TF risks:

The Company has identified and assessed its ML/TF risk in the context of the Act and Rules and the level of ML/TF risk the Director(s)/Senior Management is prepared to accept. The result of the ML/TF risk assessments undertaken will be used:

The Company's risk-based approach involves the following steps:

Step 1 - Risk Identification:

Step 2 - Risk Assessment:

Step 3 - Risk Treatment:

Step 4 - Risk Monitoring and Review:

9. Risk Awareness Training

The Compliance Officer is responsible for ensuring that risk awareness training is delivered to all employees that satisfy the following requirements:

The Compliance Officer may determine that it is appropriate for other employees that do not satisfy these requirements to be provided with risk awareness training. The Compliance Officer is responsible for ensuring that Relevant Employees receive:

The risk awareness training will cover the following:

The Compliance Officer is responsible for:

10. Know Your Transaction (KYT)

The company is committed to implementing a robust Know Your Transaction (KYT) framework to enhance vigilance and mitigate the risk of money laundering and terrorism financing associated with transactions conducted through our services.

More detailed is delineated in a separate company’s policy.

Transaction Documentation

The company will ensure that appropriate transaction documentation is collected and maintained, enabling a clear understanding of the nature and purpose of each transaction.

Customer Verification

KYT procedures will include the verification of customer information associated with transactions, ensuring consistency with the details provided during onboarding.

Transaction Risk Assessment

The company will conduct transaction risk assessments to identify and prioritize high-risk transactions, focusing on those with potential links to money laundering or terrorism financing activities.

Ongoing Monitoring

Ongoing monitoring of transactions will be conducted to detect any unusual patterns or deviations from established customer behavior, triggering further investigation when necessary.

11. Fiat Transaction Monitoring

The company will implement a Fiat Transaction Monitoring framework (delineated in a separate policy) to systematically review and analyze transactions, enabling the identification of suspicious activities and enhancing compliance with AML/CTF regulations.

Monitoring Systems according to indicators – red flags

The company will utilize monitoring systems to systematically analyze transactional data, identifying patterns or anomalies that may indicate potential money laundering or terrorism financing activities.

The main indicators are the following:

Alerts and Reporting

The company will establish procedures to promptly respond to alerts generated by the transaction monitoring systems, and if necessary, report suspicious transactions to the relevant authorities in accordance with legal obligations.

Regular Review and Enhancement

The Transaction Monitoring framework will be subject to regular review and enhancement to adapt to emerging risks and changes in regulatory requirements, ensuring its effectiveness in detecting and preventing illicit activities.

Section 3. Customer Due Diligence (CDD)

12. General information about CDD

The Company's customer due diligence procedures include:

The Company will consider the following factors when identifying its exposure to ML/TF and developing its customer due diligence procedures:

Identification and Verification

The Company will conduct thorough customer due diligence before allowing any user to trade on the platform. This includes verifying the identity of users through official documentation.

Enhanced Due Diligence

Enhanced due diligence will be conducted for high-risk transactions or customers, including those from high-risk jurisdictions.

13. Initial Customer ML/TF Risk Assessment

In light of the Company's comprehensive ML/TF risk assessment and the classification of risks as LOW/MEDIUM, the Company has opted to implement processes for collecting and verifying customer information designed for low/medium ML/TF risk customers within this Policy. Subsequently, the Company will proceed to assess the ML/TF risk specific to each customer. If any high-risk triggers are identified, the customer will be categorized as having a high ML/TF risk and treated accordingly.

The Company shall not provide designated services to customers based on the following:

These stringent measures ensure a proactive and risk-aware approach in providing designated services, aligning with the determined ML/TF risk levels.

14. Enhanced Customer Due Diligence (ECDD)

Enhanced Customer Due Diligence will be implemented where the Company determines that:

The Company will not provide designated services to customers against whom sanctions have been imposed or have been included on Sanction Lists.

The Compliance Officer will:

Steps in Enhanced Customer Due Diligence:

Step 1 - Seek Further Information:

Step 2 - More Detailed Analysis:

Step 3 - Verify or Reverify Information:

Step 4 - Analysis and Monitoring of Transactions:

Step 5 - Director(s)/Senior Management Approval:

The Company's processes for identifying high ML/TF risk customers for the purposes of conducting Enhanced Customer Due Diligence includes the following steps:

Step 1 - Identifying "Red Flags":

Step 2 - Notifying the Compliance Officer:

Step 3 - Compliance Officer Assessment:

Red Flags for Identification:

Customer Applications and Transactions:

Documentation Verification:

Customer Communication:

15. Politically Exposed Persons (PEPs)

A Politically Exposed Person (PEP) is an individual holding a prominent public position or function. These include:

1. Primary PEPs (Individuals in Prominent Positions):

2. Immediate Family Members of Primary PEPs:

3. Close Associates of Primary PEPs:

For the purposes of step 2 in the table below, the following PEP classifications apply:

Employees undertaking the identification or verification process are responsible for:

For all customers, the Company is required to determine whether the customer or Beneficial Owner is a PEP. This is done by following the below process:

Step 1 - Perform Searches:

Step 2 - Refer to Compliance Officer:

Step 3 - Risk Assessment:

Step 4 - Collect Further Information:

Step 5 - Verification:

Step 6 - Director(s)/Senior Management Approval:

Employees involved in identification or verification processes must make decisions or refer uncertainties to the Compliance Officer. Awareness of PEP-associated risks and immediate reporting of information or suspicions to the Compliance Officer is crucial. The Compliance Officer takes measures to establish the source of wealth and funds for all PEP-involved customers.

16. CDD for Individual

Where the Customer is an individual, the Company must be reasonably satisfied that the individual is the person that they claim to be. The necessary steps to be completed:

Collect

Collect the following information:

For individuals identified as PEPs, collect all of the information mentioned above before the provision of a Designated Service, or as soon as possible after it has been provided. Only if there are reasonable grounds to consider that a Beneficial Owner of a Customer is not the same as the Customer, collect the full name and either the date of birth or residential address of the Beneficial Owner.

Verify

Verify the following details:

Verify the same for PEPs and Beneficial Owners.

Verification method

All information collected must be verified based on reliable and independent documentation, or reliable and independent electronic data, or a combination of both. The following procedure should be conducted in all cases, where possible:

Australian documentation

Foreign documentation

Simplified identification procedure where ML or TF risk is medium or low

The Customer identification procedure will be taken to have been met in respect of a Customer who is determined to be of a medium or low risk if the following steps are taken:

Alternatively, the required KYC Information may be verified using reliable and independent electronic data from at least two separate data sources and either the Customer’s date of birth using reliable and independent electronic data from at least one data source or that the Customer has a transaction history for at least the preceding three years.

Collection and verification of additional information

The Company will have regard to the ML and TF risk relevant to the provision of the Designated Service in determining:

17. Companies’ DD Procedure

Where the Customer is a domestic or foreign company, the Company must be reasonably satisfied that the company exists and must collect and verify information relating to its Beneficial Owners.

The necessary steps to be completed:

Collect

Australian company Foreign company registered by ASIC Foreign company not registered by ASIC
The full name of the company as registered by ASIC The full name of the company The full name of the company
N/A The country in which the company was formed, incorporated or registered The country in which the company was formed, incorporated or registered
N/A Whether the company is registered by the relevant foreign registration body Whether the company is registered by the relevant foreign registration body
N/A If the company is registered by the relevant foreign registration body, the name of the relevant foreign registration body If the company is registered by the relevant foreign registration body, the name of the relevant foreign registration body
The full address of the company’s registered office in Australia If the company is registered by the relevant foreign registration body, the full address of the company in its country of formation, incorporation or registration as registered by the relevant foreign registration body If the company is not registered by the relevant foreign registration body, the full address of the principal place of business of the company in its country of formation or incorporation
OR If the company is not registered by the relevant foreign registration body, the full address of the principal place of business of the company in its country of formation or incorporation If the company is not registered by the relevant foreign registration body, the full address of the principal place of business of the company in its country of formation or incorporation
The ACN issued to the company The ARBN issued to the company Any identification number issued to the company by the relevant foreign registration body upon the company’s formation, incorporation or registration
Whether the company is registered by ASIC as proprietary or public company Whether it is registered as a private or public company by the relevant foreign registration body Whether it is registered as a private or public company by the relevant foreign registration body
If the company is registered as a proprietary company, the name of each director of the company If the company is registered as a private company by the relevant foreign registration body – the name of each director of the company If the company is registered as a private company by the relevant foreign registration body – the name of each director of the company
If the company is a regulated company, the name of the regulator and details of the relevant licence If the company is a regulated company, the name of the regulator and details of the relevant licence
If the company is a proprietary company and is not a regulated company, the name and residential address of any individual who owns through one or more shareholdings more than 25% of the issued capital of the company If the company is a proprietary or private company and is not a regulated company, the name and residential address of any individual who owns through one or more shareholdings more than 25% of the issued capital of the company
If the company is a majority owned subsidiary of an Australian listed company, the name of the Australian listed company and the name of the relevant market/exchange
If the company is a listed company, the name of the relevant market/exchange
The nature of the business activities carried out by the company
The full name and either the date of birth or residential address of each Beneficial Owner of a proprietary or private company (other than a company which is verified under the simplified company verification procedure or a foreign public company which is listed on a stock exchange and subject to ‘transparency of Beneficial Owner’ disclosure requirements which are the same as, or comparable to, the requirements which exist in Australia, or a proprietary company that is licensed and subject to the regulatory oversight of a Commonwealth, State or Territory statutory regulator)

Verify

Verify the following information:

Company type Verify the following information
Australian company The full name of the company as registered by ASIC
Whether the company is registered by ASIC as a proprietary or public company
The ACN issued to the company
Foreign company registered by ASIC The full name of the company as registered by ASIC
Whether the company is registered by the relevant foreign registration body, and if so whether it is registered as a private or public company
The ARBN issued to the company
Foreign company not registered by ASIC The full name of the company
Whether the company is registered by the relevant foreign registration body and if so:
any identification number issued to the company by the relevant foreign registration body upon the company’s formation, incorporation or registration; and
whether the company is registered as a private or public company
Listed company (foreign or Australian) That the company is a listed company
Majority-owned subsidiary (foreign or Australian) of an Australian listed company That the company is a majority owned subsidiary of an Australian listed company
Regulated company (foreign or Australian) That the company is subject to regulatory oversight

Verification method

Verification is to be based as far as possible on reliable and independent documentation, reliable and independent electronic data or a combination of both. With regard to the verification of KYC Information for foreign companies, the Company must have regard to the ML and TF risk relevant to the provision of the Designated Service, including the jurisdiction of incorporation of the foreign company as well as the jurisdiction of the primary operations of the foreign company and the location of the foreign stock or equivalent exchange (if any).

Australian company

Foreign company registered with ASIC

Foreign company not registered with ASIC

Listed company

Majority owned subsidiary of an Australian listed company

Regulated company

Non-English documents:
Where any document relied on as part of the procedure is in a language that is not English, it must be accompanied by an English translation prepared by an accredited translator.

Simplified company verification procedure

The Company can confirm that a Customer that is a company is:

by obtaining one or a combination of the following:

Collection and verification of additional information

The Company will have regard to the ML and TF risk relevant to the provision of the Designated Service in determining: