1. AML POLICY
At Rustix.io (“we”, “us”) we strictly follow and pay special attention to international Anti Money-Laundering (AML) and Know-Your-Customer (KYC) standards, applying FATF and BSA recommendations. We do this to evaluate the transactions performed by the Users at our website Rustix.io (“Website”) to prevent money laundering or any other illegal activities. Our AML policy is based on the following principles and practices:
• we develop systems and controls that are appropriate for our businesses and comply with legal and regulatory requirements;
• we assess the AML risks inherent in our current business at least annually;
• we adopt a risk-based approach that is flexible, effective, proportionate and cost effective;
• we regularly assess the adequacy of our systems and controls;
• we provide initial and ongoing training for all relevant employees;
• we support the nominated officer with resources and authority to operate objectively and independently.
We fully support an honest business model, our company opposes money laundering, fraud, terrorist financing. All Users on our platform must abide by all our rules. All of our payment instruments that we cooperate with are licensed to conduct such business. The payment instruments perform KYC procedure regarding our customers, but we reserve the right to stop fraudulent activity that we detect on our own.
2. KNOW YOUR CUSTOMER (KYC) PROCEDURE
The AML and KYC procedures applied by us may include the following:
• Verification of Users’ identity by the means of requesting identification data and documents;
• Verification of Users’ source of funds;
• Verification of Users’ country of residence;
• Verification of Users’ transaction purposes;
• Verification of fair trading by the Users on the Website;
• Other actions aimed to prevent potentially risky or illegal operations on the Website.
During performance of AML and KYC procedures we request our users to provide information and documents, including, but not limited to the following:
• User’s first and last name;
• User’s date of birth;
• User ID document, containing valid identification information about You;
• Country, city, street and postal code of User residence;
• User’s selfie, holding ID document;
• Copy of User payment order document (utility bill, bank documents, etc.);
• Other documents, that might be required additionally depending on the User’s territory.
KYC procedure structure is as following:
a) The internal monitoring system alerts the Compliance Officer (CO) about the uncharacteristic behavior of the client by configured alerts.
Compliance Officer manually checks the specific transaction and the client's account. The following fall under suspicious behavior:
- large transactions;
- repetitive behavior patterns (same IP, trying to use the same card on different accounts, trying to use the same email on different accounts);
- transaction amount is very different from the average client transaction;
- short time interval between transactions;
- change of more than three IP addresses in a short period of time;
- large number of transaction denials from the issuing bank;
- other behavior at Compliance Officer discretion.
b) Compliance Officer checks all listed alerts, as well as other transactions, which haven’t been alerted, and makes decisions. These may be:
- do nothing;
- block the client's account;
- make a refund transaction;
- enter all client data into the incident database;
- request information from the client on the disputed situation, etc.
c) All incidents are included in the database of incidents, which is an array of data in which the data of clients who have been noticed in fraudulent or disputable transactions is entered.
d) The system does not allow such clients to return to the platform, register a new account on an existing email, use a payment card that was used on one of the accounts, etc.
e) The internal monitoring system checks clients with total monthly deposits exceeding equivalent of $10,000).
Such clients may undergo additional levels of verification to verify the source of funds. For this purpose, the Compliance Officer may request the following documents from clients:
- a bank statement from a personal account;
- a salary contract;
- a document on the sale of property (real estate, car, etc.);
- any other document confirming the legality of origin of funds.
In addition to AML and KYC verification, we have the right to execute EDD (Enhanced Due Diligence) of its Users and transactions performed by them on the Website, and request additional information from a User, to verify the source of funds and their owner. In this case Users might be requested to provide additional documents as shall be set forth in point herein above, including, but not limited to declaration of the source of funds. We have the right to establish additional AML and KYC procedures at our own discretion, including, but not limited to amending this procedure, limitation of transaction etc. These procedures might be amended from time to time by us without additional notice to Users to follow internationally applicable standards, rules, and best practices aimed to prevent any fraudulent or illegal activity.
3. SUSPICIOUS ACTIVITY
Unless specifically prescribed in these Policies or additionally notified to Users, AML and KYC procedures are applied to all transactions performed by the Users on our Website, notwithstanding whether such transactions can be treated as a Suspicious Activity or not. Suspicious Activity is being referred to as suspicious transactions, extreme Users profiles, when deposits or any other elements of user’s activity are not matching up amongst other elements. The list of suspicious activities is set forth solely by us and includes, but not limited to the following:
- User violates established transaction limitation rules.
- User exhibits unusual concern for secrecy, particularly with respect to his/her identity or background, or refuses to provide the requested documentation during conduction of AML/KYC procedures;
- Upon request User refuses to identify or fails to indicate a legitimate source of his/her funds and other assets or identifies a source that is fictitious, false, misleading or substantially incorrect;
- User presents unusual or suspicious identification documents that cannot be readily verified;
- For no apparent reason, User opens multiple accounts under a single name or uses multiple names for the same person to open accounts;
- User or a person associated with the User has a questionable background (including prior criminal convictions) or is the subject of news reports indicating possible criminal, civil or regulatory violations;
- User appears on a list of sanctioned persons, as maintained by OFAC;
We shall suspend and/or block any account of the User, and/or block respective User’s transactions and activities on the Website without any prior notification, if the respective User’s activity appears suspicious.
We use different anti-fraud software, developed by third parties (e.g. Payment IQ “PaySystem Anti-Fraud”). which may alert Compliance Officer about incorrectness in system, which may be:
- Incorrect card data entry;
- insufficient funds on the account;
- 3ds failures;
- Other bank failures.
Whereas Compliance Officer sees these alerts from such systems and makes a manual decision about suspicious users or actions, Compliance Officer shall not rely on the software only, given all software may have error.
The software shall be considered as an additional tool for AML/KYC procedures, but not the sole instrument to prevent fraudulent activities.
4. BLACKLISTED, HIGH RISK JURISDICTIONS/SANCTIONS LIST
Black-listed and high-risk countries are those respectively identified by the Financial Action Task Force, or other local and international authorities. Whereas it is crucial to avoid any transactions from users residing in backlisted territories, users residing in high-risk countries are always subject to enhanced due diligence.
The list of blacklisted (so-called Non-Cooperative Countries or Territories) and high-risk territories (so-called Jurisdictions under increased monitoring) are always updated, therefore it is crucial to monitor the list on the FATF site available at https://www.fatf-gafi.org/.
Users from the FATF lists seen to threaten the international financial system from on-going and substantial money-laundering or terrorist financing activities, as identified on FATF publications, will be refused.
In addition, it is crucial to check whether a user is listed in the respective sanctions lists, to prevent any penalties.
The list of some of sanctioned persons may be found at the following links:
however it shall be checked among other lists too.
5. RECORD KEEPING AND PERSONAL DATA
We ensure availability of an audit trail to assist in any financial investigation by a law enforcement authority. Our record keeping policy and procedure covers records in the following areas:
- compliance monitoring by the nominated officer;
- delegation of AML/CTF tasks by the nominated officer;
- nominated officer reports to senior management;
- users identification and verification information;
- supporting records in respect of business relationships or occasional transactions;
- employee training records;
- communications between the nominated officer and law enforcement authorities.
6. DATA PROTECTION
7. ANONYMOUS AND MULTIPLE ACCOUNTS
Anonymous or nominal account records are not permitted. Any existing anonymous accounts or that have inconsistent identification should be subject to appropriate due diligence to establish the identity and bona fides of the account holder at an early opportunity. A user can only register one account on our platform per one email address. If a user has entered incorrect data and he wants to change it – s\he must provide documents that confirm that data, to prevent any sales of accounts to third parties.