AML / KYC Policy 

Effective Date: 15.02.2024

Definition of Terms

Illicit income – illicit or/and unjustified property possessed or owned by a person.

Property – property as considered under the Civil Code of Georgia: all property (movable as well as immovable) and intangible property, which can be owned, used, and disposed of by natural and legal persons.

Three Stages of Money Laundering

  1. Placement – This is the movement of cash from its source. On occasion, the source can be easily disguised or misrepresented. This is followed by placing it into circulation through financial institutions, casinos, shops, bureau de change, and other businesses, both local and abroad.

  2. Layering – The purpose of this stage is to make it more difficult to detect and uncover a laundering activity. It is meant to make the trailing of illegal proceeds difficult for law enforcement agencies.

  3. Integration – This is the movement of previously laundered money into the economy mainly through the banking system and thus such monies appear to be normal business earnings. This is dissimilar to layering, for in the integration process, detection and identification of laundered funds is provided through informants.

Financing of Terrorism

A crime provided for by Article 3311 of the Criminal Code of Georgia. Implies any operation (irrespective of the amount) performed by any person by any means, whether directly or indirectly, unlawfully and intentionally, with the purpose of rising or collection of funds, with the intention or on the basis of the information that such funds or any part thereof will be used for preparing or committing of the acts of terrorism. In certain cases, this may be applicable to the legally gained funds as well.

Client

Any person who enters into a business relationship or a single transaction with the Organization to receive its service.

Resident Natural Person

A natural person citizen of Georgia, as well as the individual entrepreneur.

Non-Resident Natural Person

A natural person that is the citizen of a foreign country, as well as a natural person without citizenship, as well as citizen of the foreign country registered in Georgia as individual entrepreneur.

Resident Legal Entity

A legal entity, as well as any organization established in accordance with Georgian legislation.

Non-Resident Legal Entity

A legal entity, as well as any organization established in accordance with the legislation of foreign country.

Beneficial Owner

A natural person as determined by Article 13 of the Law of Georgia on Facilitating the Prevention of Money Laundering and the Financing of Terrorism. Natural person who is the last possessor or the last controller of a client and/or on whose behalf a transaction is prepared, made or completed. Beneficial owner of an entrepreneurial legal entity (as well as of an organizational formation (arrangement) not representing a legal entity, provided for in the Georgian legislation) shall be the direct or indirect ultimate owner, holder or/and controlling natural person(s) of 25% or more of such entity’s share or voting stock, or natural person(s) otherwise exercising control over the governance of the entrepreneurial legal entity.

Control

Exercising strong influence directly or indirectly, alone or in concert with others, through use of voting shares or otherwise.

Controlling Person

Person exercising control.

Person

Any resident or non-resident natural person and legal entity, as well as organizational formation considered under legislation, which does not represent a legal entity (non-registered union, partnership, partnership of apartment owners).

Identification of a Person

Obtaining information on the person, which, when necessary, allows tracing such person and distinguishing from the other person.

Verification

Obtaining information (documents) which enables the Organization to verify the accuracy of the obtained identification data of a Person, and in the case of existence of a Beneficial Owner, also to ensure that it is aware of the identity of such Beneficial Owner.

High Risk Jurisdiction

A country or a part of the territory thereof, identified as having weak mechanisms for prevention of money laundering or the financing of terrorism.

Financial Institutions

Legal entities engaged in providing financial services and acting as commercial banks, insurance companies, re-insurance companies, investment banks, stock exchange, central depositories, brokers, microfinance organizations, credit unions, investment funds and/or other organizations providing financial services.

Shell Bank/Company

Bank/company, physically not represented in the country where it is registered/licensed and on which control and supervision are not exercised.

Politically Exposed Person (PEP)

A natural person performing important public or political functions (except for low and medium rank officials). The PEPs are as follows:

  • A head of state, a head of government, a member of government (minister), deputy minister, a head of a state institution.

  • A member of a legislative body (parliament).

  • A head of a geopolitical association, or a member of the management body thereof.

  • A member of a Supreme Court, a Constitutional Court, or other court of the highest instance whose decisions are appealed in exceptional cases.

  • A general auditor, a deputy general auditor, a member of a Court of Auditors.

  • A member of a national (central) bank.

  • An ambassador, or a head of a diplomatic representation.

  • A chief officer of defense (military) forces.

  • A head of an enterprise operating with the participatory interest of a state, or a member of the management body thereof.

  • A head of an international organization, a deputy head of international organization, or a member of the management body thereof.

Family Member of PEP

A spouse/person with whom a PEP person is permanently involved in common household, sister, brother, parent, child/step-child, and child’s/step-child’s spouse/person with whom he/she is permanently engaged in a common household.

Person Having Close Business Relationship with the Politically Exposed Person (PEP)

A natural person who, together with a PEP, is the Beneficial Owner of a legal entity, an unregistered organizational formation or a trust or a legal structure similar to a trust, or who has some other close business, social or political relationship with him/her.

Large or Particularly Large Amount

For the purposes of this Regulation, a large amount is the amount received from the client or paid to the client over GEL 30,000 (or equivalent in foreign currency), and particularly large amount is the one received from or paid to the client over GEL 30,000 (or equivalent in foreign currency).

Split of the Transactions

According to this Policy, implies the set of transactions performed by a person within certain time interval with the total value of over GEL 30,000 or equivalent in foreign currency, in relation to which there is reasonable suspicion that the transaction was split intentionally. The basis for grounding the suspicion is provided by the analysis conducted by the officer of financial monitoring.

Monitoring

Identification by Organization of Persons defined under the Law of Georgia on Facilitating the Prevention of Money Laundering and the Financing of Terrorism.

Suspicious Transaction

A transaction subject to a reasonable belief that it was prepared, made or completed on the basis of illegally acquired property or income gained from such property, and/or for the purpose of money laundering, or that it is related to the financing of terrorism.

Unusual Transaction

A complex, extraordinarily large transaction or an extraordinary set of transactions without a clear economic (commercial) or legal purpose.

Offshore Company

Legal entity registered in the offshore zone. For identification of the offshore zones, the Organization relies on the “List of countries with preferential taxation/offshore countries” determined by the government decree No: 132 (https://matsne.gov.ge/ka/document/view/3523434).

One-Time Client

For the purpose of this Policy, natural person and/or individual entrepreneur who has applied to the organization for performing certain operation, without intention of making long-term contractual relations with Organization. Regarding operations of company, only clients performing currency exchange and/or remittances may be included into such category, unless the signs characteristic for the clients in business relations can be seen.

Client in Business Relations

For the purpose of this policy, this shall mean:

  • Natural person and/or individual entrepreneur who has applied to organization for currency exchange and/or remittances more than 3 times per month.

  • Natural person and/or individual entrepreneur, who has used or uses products of Organization.

  • Natural person and/or individual entrepreneur, to whom Organization had or has liabilities.

  • All legal entities applying to Organization for services.

Note: In the process of operations the cases can be identified (e.g. unusual transaction/operation) that shall be considered by the financial monitoring officer individually.

General

The purpose of this Regulation is the development of a proper control system for combatting money laundering and financing of terrorism by the Organization.

The Regulation is based on legal and regulatory requirements of the Law of Georgia on Facilitating the Prevention of Money Laundering and the Financing of Terrorism, Financial Action Task Force (FATF) Recommendations, and Fourth EU Directive 2015/849, obligating the credit and financial institutions to combat money laundering and the financing of terrorism.

Money laundering is the crime implying the legalization of illicit property, with the purpose of masking its unlawful origin, as well as concealing the real nature of illicit income, its source, location, allocation, circulation, ownership and/or rights. Financing of terrorism implies gaining or supplying financial assets or other property knowing that it can be used or possibly will be used, wholly or in part, by the terrorist or terrorist organization.

For the purpose of efficient and effective redistribution of resources, activities by Organization, against money laundering and financing of terrorism are oriented towards risks facing the Organization. For adequate implementation of the risk-based approach, identification of the risks of money laundering and financing of terrorism is required. For proper implementation of the risk-based approach, evaluation of the identified risks and management of those risks is required. It should be mentioned that overestimation of the risks results in unreasonable spending of the resources while underestimation can make the Organization vulnerable to the dangers facing it. Hence, it is vital that all employees of the Organization are well aware of the substance of the risk-based approach.

Each employee and management member of Organization shall be responsible for compliance with the rules established by this Policy. In addition to compliance with the provisions of this Policy and laws, the employees of Organization shall show proper attention and due diligence in case of detecting circumstances that are suspicious, with respect of money laundering or financing of terrorism, and contact the officer of financial monitoring.

The financial monitoring officer of the Organization provides monitoring coordination within the Organization; hence, he/she bears responsibility for the proper performance of the function of combatting money laundering and financing of terrorism. He/she shall be entitled to request any information about the Client and/or his/her transactions from the Organization's branches and its structural subdivisions, and the latter shall ensure prompt delivery of the relevant documents and materials.

The financial monitoring officer shall be responsible for assigning relevant risk categories to the Clients, as well as for the decisions on unusual or suspicious transactions. If the financial monitoring officer is unable to make a decision, he/she may apply to the director of the Organization. In any case, in making decisions specified in this Regulation, the financial monitoring officer shall have preference, and his/her decisions shall not be subject to approval by any other manager or authorized person.

The financial monitoring officer shall be accountable to the management and submit the semiannual reports on the works performed during the past period.

Risk-Based Approach

For the purposes of these policies, ML/TF risk can be regarded as a set of three concepts: danger, vulnerability, and caused outcomes. Ideally, the risk should be the result of the analysis of these three factors:

  1. Danger: 1. Natural person or group of individuals; 2. Object; or 3. Activities (e.g., past, present or future ML or TF activities of the persons) that can harm, in addition to the reputation of the Organization, the state, society, economy, etc. The danger, in most cases, comprises the basis for analyzing ML/TF risks.

  2. Vulnerability: Includes the issues that could be used in favor of danger. Vulnerability of the Organization can comprise the issue that is the weakness of the internal control system or mechanisms intended for AML/CFT of the Organization. It may also include specific products, services, or activities.

  3. Caused Outcome: Implies the impact or harm that can be caused by money laundering or terrorism financing to the Organization, as well as society and economy in general.

In the evaluation of risks facing the Organization, it would be reasonable to take into consideration that the activities of the Organization are not complex, and they are limited to the exchange (including via kiosks) between convertible virtual assets and fiat currencies (national or foreign), between one or more forms of virtual assets, between convertible virtual assets and financial instruments; Transfer of convertible virtual assets; Safekeeping and/or administration of convertible virtual assets or of the instrument enabling control over virtual assets; Portfolio management of convertible virtual assets (excluding collective portfolio management); Administration of the trading platform of the convertible virtual assets; Lending of convertible virtual assets (to companies); by Initial Coin Offering of convertible virtual assets and/or by service related to initial coin offering.

Irrespective of all the above, it should be noted that certain risks are associated with all of the products of the Organization. In particular:

  • There is the danger that the monetary assets could be received from the person, whose property has emerged as a result of illicit activities.

  • As a result of improper compliance with the provisions of this Policy and/or negligence thereof, the Organization will become exposed and there will be the possibility that its services can be misappropriated by the above person.

  • The outcome of the above weakness will be mingling of the illicit property with the financial sector, endangering the sector as well as the financial stability of the Organization (the Organization may be subjected to sanctions).

  • Lending is associated with lower dangers of money laundering, though the loan can be misappropriated by persons engaged in terrorism.

  • As a result of improper compliance with the provisions of this Policy and/or negligence thereof, the services of the Organization can become exposed to the above danger, and there will be the possibility that its services can be misappropriated by persons engaged in terrorism.

  • The outcome of the above weakness can be financing of the act of terrorism and/or support to terrorism, and this, certainly, will be particularly harmful to the Organization, the state, and general society.

  • There is the risk that the persons engaged in money laundering desire to mask the origin of their monetary assets through conversion for their further allocation and integration into the financial sector.

  • As a result of improper compliance with the provisions of this Regulation and/or negligence thereof, services of the Organization can be exposed, and there will be the possibility that its services can be misappropriated by criminals.

  • The outcome of the above weakness can be concealing of the origin of monetary assets, and this can be the precondition for committing the crime of money laundering.

  • There is particularly high risk of remittances by persons who have gained the mentioned amounts from illicit activities and/or they desire to use such amounts for criminal activities, such as the financing of terrorism or promotion of financing of such transactions, which are characterized by a lack of transparency.

  • As a result of improper compliance with the provisions of this Policy and/or negligence thereof, the services of the Organization can be exposed, and there will be the possibility that its services can be misappropriated by criminals.

  • The outcome caused by the above weakness can be the transmission of monetary assets gained as a result of illicit actions through the Organization and/or the use of the mentioned assets for unlawful actions, thus endangering the Organization’s reputation or even making the Organization subject to the risk of sanctions by the supervisory authority.

If the activities of the Organization are changed or new services/products are added, the Organization shall analyze the risks associated with the mentioned products and develop relevant measures for the minimization of the risk of money laundering and the financing of terrorism. Particular attention should be paid to risks associated with the introduction of such new technologies, products, and services that promote anonymity. To avoid the above risks, the objective of the Organization is to know its clients, to make sure, as far as possible, that its services are not used for money laundering and/or the financing of terrorism.

Know Your Customer (KYC) Standard


For the effective fight against money laundering and financing of terrorism, the Organization has developed the “Know Your Client” (KYC) standard in accordance with international norms. This standard is the most important tool for the prevention of money laundering and terrorist financing and defines the measures that must be taken by the Organization when establishing a business relationship with the client, as well as during the entire process of the relationship.

Depending on the specifics of the activity, the Organization defines individuals as one-time and business clients and separates the measures to be taken when establishing a relationship with the client.

Client Identification and Verification Procedure

The Organization is obliged to identify and verify the client in the following manner in the presence of the following basis:

  • When entering into a business relationship with a client.

  • When making a one-time deal with a person.

Identification of a Natural Person

The client for the purpose of identification of a natural person or a person acting on behalf of the client:

  • When establishing a business relationship.

  • When concluding a one-time transaction (also in the case of related transactions), the amount of which exceeds 15,000 GEL or the equivalent of 15,000 GEL in foreign currency.

  • For a one-time cash transfer (as well as a related one-time cash transfer), the amount of which exceeds 3,000 GEL, 1,000 USD, 1,000 EUR, or the equivalent of 3,000 GEL in any other foreign currency, the Organization needs the following data:

In the case of a natural person:

KYC data that shall be recorded unconditionallyOther possible KYC dataName, surnameBirth place/country, authority that has issued the document/country, issuance date/term of validityNationalityDouble citizenshipResidence addressBirth dateE-mail and phoneRegistered addressPatronymicBank account detailsPersonal number (similar unique identifier, in case of non-resident)OccupationNumber of identification document

If the client is a natural person registered as an individual entrepreneur and the business relationship with the Organization is established for entrepreneurial purposes, together with the data listed in Table 1, the following should also be checked:

KYC data that shall be recorded unconditionallyOther possible KYC dataTaxpayer identification numberRegistration numberLegal addressRegistering authorityCountry of registrationRegistration date

For the purpose of identification of a natural person or a person acting on behalf of the client:

  • The amount of a single transaction or the total amount of related transactions does not exceed 15,000 GEL or the equivalent of 15,000 GEL in foreign currency.

  • If the amount of a one-time cash transfer or the total amount of related one-time cash transfers does not exceed 3,000 GEL or the equivalent of 3,000 GEL in foreign currency, we need the following data:

KYC data that shall be recorded unconditionallyOther possible KYC dataName, surnameDate of birthID and/or citizenship document number, date of issue, issuing country, issuing body, and validity periodPersonal number (if any)CitizenshipGenderPlace of birth – country (also city – if such data exists)Registration addressActual place of residence

The Organization is obliged to verify the data of the client natural person or the person acting on behalf of the client when establishing a business relationship, when concluding a one-time transaction, except when buying and selling foreign currency in cash, if the amount of the operation does not exceed 1,500 GEL, and the operation is not completed within the scope of the business relationship, based on the following documents:

a) In the case of a citizen of Georgia – a passport, identity card, or driver’s license of a citizen of Georgia, a certificate of a compatriot living abroad. b) In the case of a person living legitimately in the Autonomous Republic of Abkhazia and the Tskhinvali region – a neutral identity card or a neutral travel document. c) In the case of a citizen of a foreign country – a residence certificate issued by the relevant state authority, a temporary identification certificate, a passport, or another document permitted to cross the customs border of Georgia based on an international agreement and/or by Georgian legislation, or a certificate of a compatriot living abroad. d) In the case of a stateless person – a residence certificate issued by the relevant state authority, a temporary identification card, or a travel passport issued by the relevant state authority. e) In the case of an individual entrepreneur – Extract from the register of entrepreneurs and non-entrepreneurial legal entities of the National Public Registry Agency and the documents provided for in subparagraphs “a”-“d” of this paragraph.

The identification document obtained for the purpose of verification of a client natural person or a person acting on behalf of the client must meet the following requirements:

  • Must have the requisites characteristic of this type of document (number, date of issuance and validity, protective attributes, etc.).

  • Must include the photo of the owner.

  • The photograph should allow establishing the identity of the person presenting the document.

  • Should not be significantly damaged.

  • Must be valid at the time of its presentation.

In the event that the electronic databases of the State Services Development Agency are not used for the identification/verification of the client and its beneficial owner, it is necessary to verify the document presented for identification by an authorized employee. When certifying, it is necessary to indicate the date of certification, the name, surname, and/or signature of the certifying person.

Identification of a Legal Entity/Unregistered Organizational Structure

In order to identify the client as a legal entity or an unregistered organizational entity:

  • When establishing a business relationship.

  • When concluding a one-time transaction, regardless of the amount of the transaction, the Organization requires the following data:

KYC data that shall be recorded unconditionallyOther possible KYC dataFull nameContact phone numberDate of registration/creationE-mailLegal addressCountry of registrationLegal formCountry of main activity/contractorsRegistration number (if any)Address of physical locationDetails of bank account(s)

In order to identify the person(s) with management and representative authority of a client legal entity or an unregistered organizational formation, when establishing a business relationship or concluding a one-time transaction, regardless of the amount of the transaction, the Organization shall require:

  • In the case of a natural person – at least name, surname, and personal number (in the absence of such – date of birth or ID and/or citizenship document number) or identification data determined by “Table N1” of this Policy.

  • In the case of a legal entity – name and identification number or registration number (if any). In the absence of an identification or registration number, one of the identification data defined by “Table N4” of this Policy.

  • If the client is a branch of a legal entity, the Organization must additionally obtain the identification data of the client’s head office and its management defined by “Table N1” of this Policy.

  • If the client is an administrative body, international organization (agency), international financial institution, or diplomatic representation (embassy), the Organization must obtain the client’s name, legal address, and identification data of the manager, in accordance with the rules defined by “Table N1” of this Policy.

Verification of Legal Entity and Unregistered Organizational Structure

The Organization is obliged to verify the data of the client legal entity and its management when establishing a business relationship, when concluding a one-time transaction, regardless of the amount of the transaction, based on the following documents:

  • In the case of a legal entity registered in Georgia – an extract from the register of entrepreneurs and non-entrepreneurial legal entities of the National Public Registry Agency.

  • In the case of a legal entity registered in another jurisdiction – an extract from the relevant register of legal entities and/or another document confirming the registration and existence of the legal entity issued by the relevant registering authority.

The Organization is obliged to verify the data of the unregistered organizational formation and its management when establishing a business relationship, when concluding a one-time transaction, regardless of the amount of the transaction, based on the following documents:

  • Founding document (agreement, minutes of the general meeting).

  • Document confirming tax accounting (registration) (if any).

The document obtained for the purpose of verification of the client legal entity must contain the identification data provided by this Policy at the time of verification and be dated (the date of issuance of the document) no later than 12 months before the verification, except for the cases when the verification is performed by direct access to the relevant register of legal entities.

The document obtained for the purpose of verification of the unregistered organizational structure must contain the identification data provided by the edition of Order №2 of the Head of the Financial Monitoring Service of Georgia On Approval of the Procedure of Identification and Verification of a Customer by Obliged Entity available at the time of verification.

If the client is a branch of a legal entity, the verification of its head office and its management should also be carried out in accordance with the requirements stated in this provision.

If the client is an administrative body of Georgia, an international organization (agency), an international financial institution, and a diplomatic representation (embassy), verification must be carried out using a publicly available or other reliable source.

Screening

All clients of the Organization shall be cross-checked with updatable databases developed by corporation Reed Business Information Limited that includes the following lists:

  • OFAC List

  • EU List

  • UN List

  • PEP International List

  • PEP United States List

Customer Due Diligence (CDD) for Acceptance of the Client

In the case of acceptance of the client and the need of application of the full due diligence to him/her, as well as in monitoring of the transactions of the existing clients, for the purpose of effective allocation of resources, upon taking the above client identification measures the clients should be assigned to ML/TF risk category (including the one-time clients).

Classification of Clients by Risks

The Organization attributes the clients to the high, medium, and low-risk rankings and ensures implementation of the relevant enhanced, standard, or simplified examination procedures. Where the circumstances of high or low risk are not clearly visible, the client shall be ranked as the medium risk client.

Low Risk

Low-risk ranking can be attributed to the natural person in the following circumstances:

  • He/she is a citizen of Georgia though he/she is not registered.

  • Source of income constitutes of:

    • Wages for the employment, deposited to the bank account.

    • Old-age pension.

    • Incomes from business evidenced by the official and reliable documentation.

  • He/she submits documents requested by the Organization in good faith and in a timely manner.

  • Cross-checking showed that a person has a good reputation and has no suspicious history records.

Low-risk ranking can be attributed to the legal entity in the following circumstances:

  • It is the resident legal entity.

  • The person with the management/representation authorities, as well as the beneficial owner, is the citizen of Georgia.

  • Its sphere of business is not ranked as a high ML/TF risk business.

  • Its ownership structure is not complex (companies having founding structure with two or more levels of legal entities in a vertical hierarchy are regarded as the ones with complex ownership structure).

  • Source of monetary assets and property can be easily identified based on the public information.

  • The legal entity is a long-term client whose transactions have never caused any doubt or concerns, and products used correspond to the client’s profile. The client is:

    • Joint-stock company whose shares are traded at the publicly regulated stock exchange and is subject to information disclosure obligations, thus ensuring transparency of beneficial ownership.

    • Local administrative authority of enterprise in state ownership.

    • Client is administrative authority or legal entity of public law, founded in the state with low corruption levels.

    • Client is a complexly regulated credit or financial institution of Georgia or such other jurisdiction where an effective AML/CFT regime is active and whose compliance with the AML/CFT obligations is inspected by the relevant supervisory entity.

Only in case of the above low-risk circumstances may the client be ranked as a low-risk client. If there was identified any high-risk criterion, the client shall not be ranked as a low-risk client. The simplified due diligence may be applied to low-risk clients.

High Risk

In ranking a client as the high-risk client, the following risk factors shall be taken into consideration:

  • Client’s risk factors.

  • Risk factors of the country or geographical area.

  • Transaction risk factors.

Relevant staff members of the Organization shall clearly understand that the presence of certain single risk factors shall not automatically result in ranking the client as a high-risk client, unless this is required by the law. In the presence of any high-risk criterion, the person can still be ranked as a medium-risk client, but in no case such a client shall be ranked as a low-risk client.

Client’s Risk Factors

a) The following risk factors are relevant to the client’s and/or its beneficial owner’s commercial or professional activities:

  • Client’s or beneficial owner’s relations with such sectors/activities that are associated with high ML or TF risks, in particular:

    • Professional service providers.

    • Persons engaged in the gambling business.

    • Persons engaged in the business related to precious metals, precious stones and products thereof, antiquities, and pieces of art.

    • Persons engaged in the production of and/or trade in weapons, armaments, military equipment, and vehicles (spare parts).

    • Persons engaged in the production and/or trade in chemicals.

    • Persons engaged in the production and/or trade in materials for nuclear reactors.

    • Organizations whose activities are not oriented towards gaining of profits.

    • Sports clubs.

    • Investment funds/companies.

    • Holding companies.

    • Assets management companies.

    • Trust companies.

    • Real estate agents.

    • Companies engaged in binary options trade.

Relations of the client or beneficial owner with the sector that, in turn, is associated with significant amounts of cash:

  • The client is a newly established entity that has no adequate business profile or past experience.

Client’s political relations, e.g.:

  • The client is a non-resident politically exposed person (PEP).

  • The beneficial owner of the client is PEP.

  • The client or beneficial owner has any other relevant relation with the PEPs (e.g., any director of the client is a PEP), and if so, he/she exercises significant control. Where the client or its beneficial owner is PEP, the Organization shall always provide enhanced due diligence as per this Policy.

  • The client or beneficial owner holds the public office, through which a person can exercise public functions for his/her own benefit.

b) The following risk factors are relevant to the reputation of the client and/or beneficial owner:

  • There are negative assessments related to the client in mass media. For example, allegations dealing with his/her relations with crime or terrorism (whether evidenced or not). If so, the reliability of the mass media entity shall be evaluated. The Organization shall make a decision based on the quality of information and independence of the data source, or regarding how frequently/insistently the allegations are made.

  • There is a reasonable basis to assume that the client or beneficial owner or another person related to them was subjected to property seizure in the past.

  • The report on suspicious transaction in relation to the client or beneficial owner was submitted to the Financial Monitoring Service of Georgia.

  • There is a doubt that the client or beneficial owner or another person related to them has illicit income (gained as a result of crime).

  • The Organization has obtained other information related to the integrity of the client or beneficial owner, gained as a result of long business relations with him/her.

c) The following risk factors are relevant to the nature and behavior of the client and/or client’s beneficial owner:

  • The Organization has doubts in relation to the correctness and validity of the client’s or beneficial owner’s identity data.

  • There are indicators that the client can avoid business relations because of due diligence implemented by the Organization.

  • The client’s ownership and management structure is not transparent and easily understandable; rather, it is complex and unclear. In addition, there are no specific commercial or legal reasons/purposes.

  • The client issues bearer securities.

  • The client has nominal shareholders.

  • The client’s ownership structure includes a trust.

  • The client demands an unreasonable or unnecessary degree of anonymity: for example, the client discloses identification documentation to the Organization only after resistance or attempts to conceal the actual nature of its activities.

  • The source of property or assets of the client and/or its beneficial owner cannot be simply explained (e.g., by the position, heritage, or investments).

  • The client is a non-entrepreneurial organization whose activities can be abused for the purpose of terrorist financing (e.g., charity organization, religious association, etc.).

Risk Factors of the Country or Geographical Area

The Organization has established a list of high-risk jurisdictions, which are set forth under Order N 240/04 of the President of the National Bank of Georgia.

Additionally, in the revision of high-risk jurisdictions, attention should be paid to the following risk factors of the geographical area:

  • According to the information from more than one reliable source, the jurisdiction has low-quality AML/CFT control (including supervision and monitoring) mechanisms. Examples of sources include:

    • FATF Mutual Evaluation Reports (See the Link).

    • FATF List of High Risk and Non-cooperating Jurisdictions (see the link).

    • International Monetary Fund (IMF) conclusions and Financial Sector Assessment Program (FSAP) reports (see the link).

    • OECD Reports (see the link).

  • According to the information disseminated by law enforcement authorities or mass media, the jurisdiction provides assistance to terrorists (including financial assistance), or certain terrorist organizations operate in the jurisdiction.

  • The jurisdiction is subject to financial sanctions, embargo, or measures related to terrorism, financing of terrorism, or proliferation of weapons of mass destruction.

  • The jurisdiction is regarded as a tax haven, secrecy haven, or offshore jurisdiction.

  • Based on the information from a reliable source, the jurisdiction has high levels of money laundering predicate crimes, including corruption, organized crime, or fraud. Examples include the Corruption Index of Transparency International; reports of OECD (Organization for Economic Co-operation and Development) on compliance with the OECD Anti-Bribery Convention; and the UNODC (United Nations Office on Drugs and Crime) report on world drugs.

  • The jurisdiction is politically unstable.

Product/Service Risk Factors

Transaction risk factors specified below can indicate high risks:

  • The payments are provided by unidentified or unrelated persons.

  • A person registered in a high-risk jurisdiction desires to exchange a large amount in large denominations.

Customer Due Diligence (CDD)

In case of the necessity of implementing full Customer Due Diligence, after taking minimal identification measures, for both one-time clients and those in business relations, the Organization shall provide additional verification of data (in addition to the identification documents) based on the documents, data, or information from a reliable independent source. The above data can be verified based on the following sources:

  • Electronic databases of LEPL State Services Development Agency (SSDA).

If data verification is impossible through SSDA electronic databases, in case of a natural person:

If the resident and/or non-resident natural person was not presented to the Organization though the document submitted for identification allows this, verification shall be provided based on SSDA databases.

If the date of birth (or place, if so required) cannot be cross-checked by the passport of a foreign citizen, a birth certificate may be requested additionally.

As a Result of the Customer Due Diligence, the Following Shall Be Established:

In case of a natural person:

KYC data that shall be recorded unconditionallyOther possible KYC dataJob positionOrigin of the amounts provided to the OrganizationPurpose of relationsPurpose of the amounts provided to the OrganizationExpected transaction typeProposed number/scope of transactions

In the case of a legal entity:

KYC data that shall be recorded unconditionallyOther possible KYC dataSource of amounts provided to the OrganizationFinancial standing of the legal entity (annual turnover)Purpose of amounts received from the OrganizationOrigin of the legal entity’s propertyPurpose of the relationsNumber of employeesExpected transaction typeProposed number/scope of transactions

In the case of a legal entity, particular attention shall be paid to the clarification of its ownership and management structure, as this is the necessary condition for the proper identification of the beneficial owner.

The Organization Shall Identify the Ownership and Management Structure and Beneficial Owner of the Legal Entity as Follows:

Step 1:

a) Natural persons who may have control over the legal entity through participation interests.

  • Extreme approach – natural persons holding, whether directly or indirectly, participation interests/shares in the legal entity. According to Georgian legislation, a person holding 25% or more of participation interest or shares in the legal entity shall be deemed as a beneficial owner. A legal entity can have more than one beneficial owner (maximum four). In such a case, holding of the percentage of the shares/participation interests shall be regarded as a factor with substantial power of evidence, together with the other factors. Here it should be emphasized as well that this approach includes the concept of indirect control as well, that goes beyond the limits of formal ownership and may exist in a form of the chain of corporate means (e.g., 30% of legal entity A is held by legal entity B while its 100% is held by the natural person, and hence, such natural person holds indirectly 30% of the legal entity A).

  • Approach of controlling interest – shareholders exercising control independently or together with other shareholders, based on any agreement, covenant, relations, intermediate or related persons. It is significant to emphasize that this approach includes the concept of indirect control as well, that is beyond legal (direct) control or may exist through the chain of corporate units or nominal owners. Such indirect control can be identified by various means, such as shareholders’ agreement, exercising dominating control, or the power of appointing top management. In identifying the beneficial owner, the organizations should take into consideration various types of shares allowed by the state legislation, taking into consideration shares with the right to vote and economic rights.

b) Natural persons having control over the legal entity by any other means.

  • Natural persons controlling legal entities by such other means as personal relations with the persons described in sections (1) and (2) or those owning the title over the legal entity.

  • Natural persons exercising control without ownership through participation in funding the enterprise or through close or intimate family relations, or due to historical or contractual relations, or if the company is unable to comply with the payment obligations. In addition, control can be supposed also where a person has not exercised actual control yet, i.e., has not used the property held by the legal entity and has not gained any benefits therefrom.

Step 2:

c) Natural persons exercising control through their position.

  • Natural persons responsible for the strategic decisions that substantially impact the business activities or key orientation of a legal entity. Depending on the legislation of the country or the legal entity, the directors can play or not play a significant role in control over the activities of a legal entity (e.g., non-executive directors in the single board system). Hence, it is possible that the members of the supervisory board were identified as the beneficiary (nevertheless, identification data of the management members shall be established as well).

  • Natural persons exercising executive control over the day-to-day or regular activities of the legal entity through the top managerial position, such as managing or executive director, president, chief executive officer (CEO), chief financial officer (CFO), etc. Natural persons with significant powers over the financial relations of the legal entity (including with the financial institutions where the legal entity has the accounts) and current financial activities of the legal entity. In addition, if there are no persons specified in sections (a) – (e), the status of the beneficial owner should be attributed to the above-listed persons, if:

    • In the structure of ownership of the legal entity, no natural person holds a significant participation interest (10% of the authorized capital), for example:

      • Legal entities in state ownership.

      • International organizations.

      • Diplomatic organizations.

      • Other entities where, regarding the legal status thereof, no natural person cannot exercise control through holding participation interest.

    • The legal entity is a non-entrepreneurial/non-profit legal entity (association, fund, nongovernmental organization, union, etc.) or such an organizational entity that was established for ideal purposes (tenants association).

Regarding Specific ML/TF Risks Associated with Legal Structures (Trusts)

The Organization shall request from legal structures disclosure of their status before making business relations with them. The Organization provides identification/verification of the beneficial owner of legal structure who can be any person for whose benefit the trust was founded, for example, this can be:

  • Trustee.

  • Settlor.

  • Protector (if any).

In determining beneficial ownership, the financial institution shall provide verification as follows:

a) Legal entity resident of Georgia – the Organization shall check information with the database of the State Registry of Entrepreneurs and Non-entrepreneurial Legal Entities.

b) If 25% or more of the participation interest/shares of the legal entity are held by another legal entity – the financial institution should clarify the ownership structure until the end beneficial owner (a natural person) is found.

c) Joint-stock company registered in Georgia – extract from the registry of securities:

  • Independent registry of securities.

  • Own registry of shares.

d) Legal entity founded for ideal purposes or there is no holder of significant participation interest – as mentioned above, the status of the beneficial owner shall be attributed to the management of the legal entity, and hence, the financial institution shall identify the natural person exercising actual control over the legal entity. For this, the document evidencing representation authorities can be used, as well as the database of the registry, charter, contracts, etc.

e) Non-resident legal entity – a relevant official document is required with the information about company’s shareholders, partners, founders, and members. Mostly, such a document is the extract from the state registry (Extract from Register of Shareholders and/or Bearer Shares Certificates), the charter, or a relevant document stating the company’s ownership, business, management (control) issues, or documents evidencing individual’s authorities of management and representation, etc.

f) Branch or representation office of the legal entity registered in the foreign country – is not an independent legal entity (whether it is registered with the Entrepreneurs Registry of Georgia or not). Hence, in the case of a branch or representation office, the information about the beneficial owners shall be verified on the basis of official documents of the head company.

g) If the legal entity is an offshore company – it is reasonable that the financial institution, in making business relations with the offshore company, regarding the related risks, makes the following package of identification documents: - Certificate of incorporation/extract from the company register – from the registers of the offshore countries. - Copy of any change of name (if applicable). - Memorandum of association/articles of association, partners agreement, or any other document specifying the key issues of the company’s ownership by certain persons, the company’s business, its management, and control. - Certificate of incumbency detailing all directors and officers of the company. - Certified copy of the register of shareholders owning more than 25 percent of shares, including ultimate beneficial owner information.

h) In case of legal structure (trusts and similar) – the trust agreement shall be submitted, specifying the settlor, trustee, beneficiary, and protector (if any). If it is impossible to identify these persons from the trust agreement, then the financial institution can rely on the trust deed/trust declaration, which shall be accompanied by the legal document on dividends distribution.

Permanent Monitoring of Business Relations with the Client

In case of customer due diligence, any information related to the client and/or its beneficial owner shall be documented, and the relevant data shall be entered into the electronic system of the Organization.

In addition, the Organization provides a detailed study of the transactions of its clients to verify the available information about such clients. In particular, it examines how well the transaction suits the client’s commercial or personal activities, risk profile, origin of the property, and/or money assets.

Simplified Due Diligence (SDD)

Simplified due diligence is acceptable if the client is categorized as a low-risk client. Data to be collected as a result of simplified due diligence differs for one-time clients and those in business relations.

  • In case of one-time clients who are natural persons, the following shall be established:

    • Position.

    • Purpose of relations/type of expected transaction.

  • In the case of clients in business relations who are natural persons, the following shall be established:

    • Position.

    • Purpose of relations/type of expected transaction.

    • Proposed amount/scopes of transactions.

  • In the case of a legal entity, which, regarding this Policy, belongs to the category of clients in business relations, the following shall be established:

    • Sphere of activities.

    • Ownership and management structure.

    • Purpose of relations/expected transaction type.

    • Proposed amount/scopes of transactions.

In relation to low-risk clients, it is acceptable to double-check the purpose of relations and intended nature based on the performed transactions (operations) and the information provided by them. This implies:

  1. Double-checking of the identity of the client and/or beneficial owner after making business relations:

  • Initially, the business relations are made with the client (borrowing/lending of money, foreign currency conversion), and within no more than two weeks, verification shall be provided (the correctness of identification data shall be examined; for example, the passport of the beneficial owner is submitted within a two-week term from the date of making business relations).

  • If, after payment, the identity of a person cannot be verified within the stated term, a report on the suspicious transaction shall be forwarded to the Financial Monitoring Service, and business relations shall be terminated immediately.

  1. Reduction of frequency and intensity of detailed studying of the transactions in case of permanent monitoring:

  • In each transaction, each operation should not be studied in detail; rather, transactions should be selected for examination.

  • The Organization provides double-checking of the clients’ data and updating of their information annually.

Enhanced Due Diligence (EDD)

The Organization provides a list of circumstances in the presence of which the client shall be unconditionally ranked as a high-risk client, in particular:

  • Natural persons are ranked as high-risk clients automatically if such a person is:

    • Politically exposed person.

    • A natural person, citizen whose country of citizenship (double citizenship) is in the watch or suspicious zone, or if his/her legal or actual address is in the watch or suspicious zone.

  • Legal entities are automatically ranked as high-risk clients if such an entity:

    • Is a non-resident legal entity whose registration country or country of principal business/contractors is a high-risk jurisdiction.

    • Is an offshore company.

    • Has a complex ownership structure.

    • Has a person with management/representation authorities, as well as a beneficial owner who is:

      • Politically exposed person.

      • A person whose country of citizenship (double citizenship) is in the high-risk jurisdiction, or if his/her legal or actual address is in the high-risk jurisdiction.

Enhanced due diligence is required if the client (both one-time clients and those in business relations) was ranked as a high-risk client. In such a case, the staff member of the Organization shall:

  • Obtain the permit of the director of the Organization to make business relations with such a client (or continuation of business relations if the existing client was reclassified as a high-risk client).

  • Collect complete information requested by the questionnaire “Know Your Client” for both natural persons and legal entities.

  • Re-check the clients’ identification data and update information about them every 6 months.

Enhanced due diligence differs for the one-time clients and those in business relations, in particular:

  • In implementation of enhanced due diligence in relation to one-time clients, for verification of KYC data, the Organization can rely on the information provided by the clients if the transaction amount is not large or particularly large.

  • In implementation of enhanced due diligence in relation to clients in business relations, for verification of KYC data, the Organization shall rely on the information in documents from a trustworthy, independent source and also provide:

    • Stricter cross-checking of the client’s and/or beneficial owner’s identification data, for example:

      • Apostillation of the extract of the legal entity/incorporation certificate.

    • For verification of the address, not one but several verification measures should be taken (e.g., bill of paid taxes and bank account statement).

    • Collection of additional information about the purpose and intended nature of business relations with the client, including the origin of the monetary assets and property or re-checking of the available information.

    • Documents evidencing the origin of the property shall be requested from the client, such as the documents of inheritance, remuneration at his/her position, dividend distribution, taxes, and other similar additional documents.

    • Request the bank account statements.

    • Request the client’s letter of reference (if already available, request additionally).

    • Visit the legal entities (if possible).

    • Communication with the client by phone or e-mail.

    • Enhanced due diligence to the beneficial owner, a natural person (including for clarification of the origin of monetary assets/property).

    • In studying of the transactions, more extensive and detailed enhanced monitoring – collection of additional information on reasons and grounds of the transaction.

The Organization does not make relations with shell banks. The Organization has an obligation to take reasonable measures to find out:

  • Whether the person in business relations with it (or the person seeking business relations) belongs to the category of shell banks.

  • Whether the client has relations with a shell bank.

Recording of Information (Documents) on Clients' Transactions

The Organization keeps the information about the deal (operation) electronically (in the relevant databases) and as documents for 5 years from the date of the deal, unless the relevant supervision authority or any other competent authority requests a longer term, and after the expiry of the specified term, the mentioned information shall be destroyed.

Information is recorded, systematized, and kept so that if required, it can be found and retrieved in the shortest time. Only authorized persons specified by this and other internal regulations shall have access to the documents and information.

Reporting

The Organization shall submit to the Financial Monitoring Service of Georgia a report on a suspicious transaction or the attempt to prepare, make, or complete such a transaction. A report on a suspicious transaction may be submitted to the Financial Monitoring Service of Georgia if one or more of the following indicators are present. While the considered cases are not all-embracing and complex, they assist the staff members of the Organization to identify and understand possible schemes of money laundering and financing of terrorism. In such cases, additional investigation is required. The existence of any one of the indicators, as such, does not comprise the evidence that the action is of a criminal nature.

General Indicators are as Follows:

  • The identification process is difficult – the submitted document is damaged, or the authenticity of the document cannot be clearly established.

  • The photo in the submitted identification document does not correspond to the client’s appearance.

  • The signature on the identification document is apparently different from the one on the slip.

  • The client refuses to communicate with any of the Organization’s staff members for religious, gender, or any other similar grounds.

  • The use of nicknames by the client, including changes in the sequence of elements of the name and surname.

  • The client attempts to talk to the employee on various issues to switch his/her attention.

  • The client does not show interest in the service commission expenses.

  • The client performs several transactions during one day, attempting to deal with different employees or at different offices of the Organization.

  • The information provided by the client at request is insufficient, false, or suspicious.

  • The client or group of clients attempts to convince the staff member or offers him/her a “gift” (bribe) to avoid making records necessary for identification or not to complete the report form.

  • The client does not disclose the source of cash and/or the purpose of the operation.

  • The scale of the activities stated by the client does not correspond to the amounts of his/her transactions.

  • The client reduces the amount which he desired to receive/pay or denies the transaction when the Organization requested the submission of the identity document and making its copy.

  • The client shows unusual curiosity about the internal control systems, policies, and requirements of reporting.

  • The client frequently requests foreign currency in large denominations.

  • The client’s relations to the high-risk jurisdiction through place of residence or registration, activities, etc.

  • The client refuses to provide requested information or expresses dissatisfaction because of this.

  • There are some inconsistencies and contradictions in the information provided by the client.

  • The actual place of residence of the client does not correspond to the other data of his/her profile, such as activities or job.

  • There is reasonable doubt that the residence address is not clearly stated or is unreal.

  • The requested additional documentation does not add any legal evidence to the other information provided by the client.

  • The client attempts to perform the transaction as soon as possible, promising that he/she will provide requested information later.

  • The client provides (on different occasions) different identification documents (e.g., documents registered in different countries – identity card (Georgia) and passport of a foreign country with different identification numbers and/or different spelling of the name and surname, or states different residence addresses, phone numbers each time.

  • The client is unable to clearly specify the source of income.

  • Frequent change of the residence address.

  • Information disseminated by mass media about suspected or arrested terrorists or a group of terrorists.

The Organization pays special attention to the unusual transactions and deals (operations) made/implemented using the bank account of the bank located in the high-risk jurisdiction that has no apparent economic (commercial) sense and apparent legal purpose. The Organization studies, within reasonable scopes, the purpose and grounds of such transactions, and the officer of financial monitoring makes a written statement of the findings.

If the identification of any of the indicators or unusual transactions resulted in additional investigation, the Organization shall document the information collected in the course of the investigation and keep it even if the operation was not regarded as a suspicious transaction, and no report was submitted to the FMS.

Irrespective of the assumption about the suspicious operation (transaction) and the amount of the operation (transaction), the Organization shall not suspend the operation (transaction) (providing service to the client in business relations with the Organization), with the exclusion of the following cases:

  1. Identification of the client is impossible.

  2. Any participant of the transaction is on the list of sanctioned persons.

  3. If the client and/or its beneficial owner is a politically exposed person or due to other criteria is ranked as a high-risk client and the management refused to commence/continue business relations with this person.

  4. The financial monitoring officer has reasonable doubt that the transaction may be fraudulent.

  5. Other cases, as per the decision of the financial monitoring officer.

Any information about reports forwarded to the Financial Monitoring Service of Georgia shall not be disclosed to the client or any other third person.

For the purpose of identification of the unusual and fractured transactions (operations), the Organization has an electronic database (system).

Providing data to the Financial Monitoring Service of Georgia implies completion of the relevant report form by the Organization, its delivery, and confirmation of acceptance by the Service. Reports submitted to the Financial Monitoring Service of Georgia shall be completed through the web portal of the Financial Monitoring of Georgia. Notices submitted to the Financial Monitoring Service of Georgia shall be compiled through the web portal of the Financial Monitoring Service of Georgia of Georgia. The report shall be completed and submitted to the Service according to the User Manual published on the website of the Financial Monitoring Service of Georgia (http://fms.gov.ge); Confirmation of receiving of information by the Financial Monitoring Service of Georgia means assigning electronically, through the web portal status “confirmed” to the report.

Reporting forms shall be submitted to the Financial Monitoring Service of Georgia in electronic form.

Hard copies of reporting forms to the Financial Monitoring Service of Georgia shall be submitted only if reporting forms are technically impossible to be sent in an electronic format. A hard copy of the reporting form (as well as attached materials, if necessary) shall be submitted to the Service in a sealed envelope by the authorized employee of the Organization, or by post as registered mail. The name and address of the sender – Organization shall be written on the envelope, as well as the addressee – “Financial Monitoring Service of Georgia.” Delivery address: 2 Sanapiro St., Tbilisi 0105, Georgia. The envelope shall be marked as confidential.

Reporting forms, as well as other confidential information on operations (transactions) subject to monitoring, shall be submitted to the Financial Monitoring Service of Georgia in electronic form through the relevant web service of the web portal set on the official website of the FMS of Georgia (www.fms.gov.ge).

The reporting form sent to the Financial Monitoring Service of Georgia shall be subject to retaining by the Organization for 6 years. In the event of sending a hard copy of the form, it is to be printed in two copies, each to be certified with the signature of the AML officer and by the seal of the Organization. One copy of the report is to be sent to the Service, while the other copy is to be retained at the Organization for a 6-year term.

The Organization shall maintain a register of reporting forms submitted to the Financial Monitoring Service of Georgia.

In the event of revealing a suspicious operation (transaction) and submitting a related reporting form to the Service, the Organization shall be obligated to indicate grounds (circumstances) of suspicion and to focus special attention on other operations (transactions), implemented by persons involved in this particular operation (transaction) with the Organization.

Suspension of Transaction on the Basis of FMS Request

The Organization shall suspend a transaction (operation) for 72 hours (non-working days shall not be included in this term), as well as any other transaction (operation) related to the mentioned transaction (operation) and/or its participants if the Head of the Financial Monitoring Service of Georgia instructs the Organization to suspend the transaction. The case materials shall be immediately disseminated to the respective authorities of the Chief Prosecutor’s Service, the Ministry of Internal Affairs, and/or the State Security Service of Georgia.

Rights and Duties of Financial Monitoring Officer

The financial monitoring officer of the Organization shall be independent in performing his/her duties and shall be responsible for all protection measures and controls intended for combating money laundering and financing of terrorism. He/she shall also be responsible for compliance with the requirements of this Regulation and laws against illicit income legalization. Hence, the financial monitoring officer shall have unrestricted access to all relevant information, data, and documentation available at the Organization.

For the purpose of timely identification of the potential risks, the financial monitoring officer shall participate in all processes related to the management of the risks of money laundering and financing of terrorism, in particular, in planning, development, and introduction of new products and services.

Duties of Financial Monitoring Officer Are as Follows:

  • Responsibility for all issues associated with combating money laundering and financing of terrorism.

  • For the purpose of eliminating the legalization of illicit incomes and financing of terrorism, developing and updating the relevant protective measures and control mechanisms oriented towards the business and clients, such as client data, and transactions monitoring, etc.

  • For the purpose of combating money laundering and terrorism financing, development of internal service and organization regulations in accordance with this Policy and effective ML legislation. In particular, the person responsible for the AML function shall develop and regularly update the AML policies of the Organization in accordance with the effective AML laws and best practices.

  • Permanent monitoring of compliance with the internal regulations and effective laws intended for combating money laundering and financing of terrorism.

  • Evaluation of internal reporting on suspicious circumstances and making decisions on the submission of reports on suspicious activities to the relevant authorities.

  • Analysis of detected suspicious cases and change of the clients’ risk categories.

  • Collection of Organization's internal and external AML/CFT information, e.g., analysis and evaluation of detected cases, information from the investigation authorities and relevant legislative bodies, materials of mass media, and sharing of information with other institutions. Following the legislative changes at the national and international levels, regular participation in internal and external training on the issues of illicit income legalization and financing of terrorism.

  • Training and briefing of the staff on methods of combating money laundering and financing of terrorism, for the purpose of providing awareness of the Organization's staff members about their duties provided for by this Regulation and relevant regulations.

  • In the AML/CFT issues, he/she shall act as a contact person for the staff members, Financial Monitoring Service of Georgia, law enforcement authorities, and other relevant structures.

  • Duties include regular visits to the branch offices of the Organization and their random inspection to examine their compliance with their obligations provided for by this Policy, AML laws in relation to the relevant inspection.

While the management of the Organization is authorized to manage all operations of the Organization, the AML function shall be independent of it. The financial monitoring officer shall be authorized to issue internal directives to the staff members of the Organization on AML/CFT issues. In particular, the resolutions on termination of transactions or business relations where there is suspicion of gaining money from criminal actions or financing of terrorism.

The Organization shall not disclose data of the financial monitoring officer to the clients or third parties not to prevent him/her from performing his/her duties.

Final Provisions

This Regulation shall be revised annually, and required amendments and addenda shall be made.

Amendments and addenda to this Regulation shall be made on the basis of the decision by the supervisory board.

This document shall enter into force on the basis of the supervisory board's decision and shall be mandatory.

[1] Data processing in the mentioned databases is provided if: a) The data subject's consent is obtained. b) Data processing is provided for by the law.

[2] According to the Law on Entrepreneurs, a joint-stock company with over 50 shareholders shall maintain the registry through an independent registrar on the basis of an agreement with him/her. If the number of shareholders is 50 or less, the company may maintain the registry of shares itself or through an independent registrar, with the exclusion of the accountable entities specified by the Georgian Law on Securities Market, whose share registry shall be maintained by the independent registrar. Similar rules may exist in other jurisdictions as well (e.g., Germany); hence, in the case of non-resident joint-stock companies, it should be found out whether it is entitled to maintain its shares registry itself.