AML Policy

Xprotech Ltd, a Cyprus registered company, with registration number HE 432278, and registration address at Agias Zonis 22A, 1st floor, office 101. 3027, also known as (“Xprocoins”) is dedicated to putting in place policies, procedures, and controls that are shaped by the best business practices and the most effective anti-money laundering standards used in the European Union and Globally.

The company has zero tolerance for money laundering, the financing of terrorism, or any other form of illegal activity.

All of the Company's employees, including its officers, directors, contractors, and consultants, are subject to these rules without exception.

This document serves as a high-level overview of the components and practices of the Company's AML/CTF compliance regime for partners, clients, vendors, contractors, employees, regulators, law enforcement, and other interested parties. By no means should this document be interpreted as a comprehensive list of all policies, practices, and controls that the Company has put in place to stop money laundering, the financing of terrorism, and other types of illicit activity.

This document, as well as all underlying policies, processes, and procedures, have been created in accordance with the recommendations, requirements, and provisions of:

  • Money laundering and terrorist financing prevention act of the European Union and the Republic of Cyprus, as amended (act);.
  • International sanctions act of the Republic of Cyprus and the European Union as amended; and,
  • A Risk-Based Approach to Virtual Assets and Virtual Assets Service Providers: FATF Guidance.

The Republic of Cyprus and the European Union laws govern the Company. The European Union was one of the first in the world to impose anti-money laundering ("AML") and countering the financing of terrorism ("CTF") regulations on companies involved in the exchange of virtual currency for fiat currency and virtual currency custody. As a result, each organization providing the aforementioned services from or on European soil must follow the guidance and rules of the European Union.

As a European company, Xprotech Ltd must abide by the Money Laundering and Terrorist Financing Prevention Act and the International Sanctions Act, which mandate that it must identify and confirm the identities of its clients, monitor their activity on a continuous basis, including transactions, keep records of their transactions and related paperwork for at least five years, and report specific transactions to the appropriate authorities.

According to the Company, money laundering is:

  1. The conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person's action;
  2. The concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;.
  3. The acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such an activity;.
  4. Participation in, association with, and attempts at committing crimes, as well as helping to facilitate or advise someone else to commit any of the crimes listed in points (a), (b), and (c).

Terrorist financing

Terrorist financing involves providing or gathering funds, either directly or indirectly, with the intention that they will be used, either fully or partially, to carry out offenses defined in Articles 1 to 4 of Council Framework Decision 2002/475/JHA. These offenses are aimed at intimidating a population or coercing a government into taking certain actions. Such actions may include intentionally causing harm or danger to individuals, causing significant damage to property that can harm people, or interfering with essential services, facilities, or system.

Risk-based approach and risk evaluation.

To determine the risk profile associated with each potential client, Xprocoins will carry out a risk-based due diligence procedure and gather data and documentation. The employees of the company will be cautious, diligent, and wise when assessing the general nature and character of every client. Xprocoins operates with the highest ethical standards and won't engage in business dealings with people or organizations that could harm the company's reputation or jeopardize the virtual currency sector.
For the purpose of identification, assessment and analysis of risks of money laundering and terrorist financing related to its activities, the Company prepares a risk assessment, taking account of the following categories:

  • Customer risk;
  • Geographical risk;
  • Product risk; and
  • Delivery channel risk

Depending on the level of risk, the risk that has been assessed and assigned to a specific customer should be updated on a regular basis based on knowledge of the customer and its operations.

Compliance Officer

A Compliance Officer who fulfills the Company's AML/CTF obligations and serves as the point of contact must be appointed by the company's management board. A compliance officer reports directly to the management board and is qualified, equipped, and has access to pertinent data from all of the company's organizational units.

To be appointed as a Compliance Officer, a person must meet the qualifications for the position, which include education, professional suitability, abilities, personal qualities, experience, and an impeccable reputation.

Among other things, a compliance officer's responsibilities include:

  • organization of the collection and analysis of information referring to unusual transactions or transactions or circumstances suspected of money laundering or terrorist financing, which have become evident in the activities of the Company;
  • reporting to the authorities in the event of suspicion of money laundering or terrorist financing;
  • periodic submission of written statements on compliance with the requirements arising from the Act to the management board of the Company;
  • performance of other duties and obligations related to compliance with the requirements of the Act.

In accordance with the risk assessment carried out in accordance with the Company's above-described risk-based approach, the Company has created and implemented rules of procedure that enable effective risk mitigation and management of risks related to money laundering and terrorist financing.

The policies outlined in this document must be strictly followed by every employee of the Company.

The rules of procedure consist of the following:

  1. a procedure for the application of due diligence measures regarding a customer, including a procedure for the application of simplified and enhanced due diligence measures;
  2. a model for identification and management of risks relating to a customer and its activities and the determination of the customer’s risk profile;
  3. the methodology and instructions where the Company has a suspicion of money laundering and terrorist financing or an unusual transaction or circumstance is involved as well as instructions for performing the reporting obligation;
  4. the procedure for data retention and making data available;
  5. instructions for effectively identifying whether a person is a politically exposed person or a local politically exposed person subject to international sanctions

The Company applies the following due diligence measures:

  1. identification of a customer and verification of the submitted information based on information obtained from a reliable and independent source, including using means of electronic identification and of trust services for electronic transactions;
  2. identification of the beneficial owner and, for the purpose of verifying their identity, taking measures to the extent that allows the Company to make certain that it knows who the beneficial owner is, and understands the ownership and control structure of the customer;
  3. understanding of business relationships, and, where relevant, gathering information thereon;
  4. gathering information on whether a person is a politically exposed person, their family member or a person known to be close associate;
  5. monitoring of a business relationship.

Simplified Due Diligence (SDD)

When a risk assessment created using these rules of procedure shows that the likelihood of money laundering or terrorist financing is lower than usual for the particular economic or professional activity, field, or situation, the Company may use simplified due diligence ("SDD") measures.

An employee of the company must first determine that the business relationship, transaction, or act is of lower risk before the application of SDD measures to a customer, and the company must then assign a lower degree of risk to the transaction, act, or customer.

The use of SDD measures is permitted to the extent that the Company ensures adequate oversight of business relationships, acts, and transactions to enable the identification of unusual transactions and the reporting of suspicious transactions in accordance with these procedural rules.

Enhanced Due Diligence (EDD)

In order to effectively manage and reduce a higher-than-usual risk of money laundering and terrorist financing, the Company uses enhanced due diligence ("EDD") measures.

EDD measures are always used in the following situations:

  • There are questions about the veracity of the submitted data, the legitimacy of the documents, or the identification of the beneficial owner after a person is identified or the information they provided is verified.
  • Except for a local politically exposed person, a family member, or a close friend, the customer is politically exposed.
    the customer is from a high-risk third country or their place of residence or seat in a high-risk third country;.
  • The customer is from a nation or territory that has low tax rates or has not yet established effective AML/CTF systems, according to reliable sources like mutual evaluations, reports, or published follow-up reports.
  • The Company also employs EDD measures when a risk analysis conducted in accordance with these regulations reveals that the risk of money laundering or terrorist financing is higher than usual with respect to a given economic or professional activity, field, or factor.

Definition and screening for PEP.

Reporting entities are required to give Politically Exposed Persons ("PEP") (as well as their families and people who are known to be close associates, as described below) increased scrutiny. This is due to the fact that the Financial Action Task Force issued international standards recognizing the possibility that a PEP could abuse their public office for personal gain and utilize the financial system to launder the proceeds of this abuse of office.

PEP refers to a natural person who currently holds or has previously held important public positions, such as:

  • the leader / head of State;.
  • minister and an assistant or deputy minister;.
  • a member of parliament or of a similar legislative body;.
  • a member of a political party's executive committee;.
  • a judge on the highest court;.
  • a member of the board of a central bank or of the court of auditors;.
  • an ambassador, a chargé d'affaires, and a senior military official;.
  • a member of the management, executive, or supervisory board of a state-owned company;.
  • an international organization's board of directors, as well as its director, deputy director, and members.
  • Middle-ranking or less senior officials are not included in PEPs.
  • A PEP's spouse, or a person deemed to be equivalent to a spouse, of a PEP or local PEP, a child and their spouse, or a person deemed to be equivalent to a spouse, of a PEP or local PEP, or a parent of a PEP or local PEP are considered family members of a PEP.
  • A natural person who is known to be the beneficial owner of, or to share beneficial ownership of, a legal person, a legal arrangement, or to have any other close business relations with, a PEP or a local PEP is known to be a person known to be a close associate of a PEP, as is a natural person who has sole beneficial ownership of a legal entity or legal arrangement that is known to have been established for the de facto benefit of a PEP or local PEP.

Screening for sanctions.

Dealing with individuals who are the target of international sanctions puts the Company, its directors, officers, and owners at great risk.

The same matching criteria used for PEP screening will be used by the company to perform sanction screening on its customers.

The Company will conduct screening at a bare minimum against the following sanctions lists:

  • Sanctions imposed by the UN;
  • Sanctions by the EU;
  • Sanctions by the Office of Financial Sanctions Implementation (OFSI-UK);
  • Sanctions managed by the US Office of Foreign Assets Control;
  • Sanctions imposed under the International Sanctions Act;
  • All matches (true hits) will be escalated to a Compliance Officer for additional processing and action.

Reporting and monitoring of suspicious activity.
The Compliance Officer of the Company must notify the authorities as soon as possible, but no later than two working days after discovering any activity or facts that have characteristics that relate to the use of criminal proceeds, terrorist financing, other criminal offenses, or an attempt thereat, or regarding which the Company suspects or knows that it constitutes money laundering, terrorist financing, or the commission of another criminal offense.

It is against the law for the Company and all of its employees, officers, and directors to tip-off or inform a person, their beneficial owner, agent, or other third party about a report that has been or will be filed against them with the authorities or about the start of criminal proceedings.

Data retention

The Company must retain the documents and information which served for identification and verification of clients, no less than five years after termination of the business relationship.

The Company implements necessary rules for protection of personal data upon application of the requirements arising from its obligations hereunder.

The Company is allowed to process personal data gathered upon implementation of these rules only for the purpose of preventing money laundering and terrorist financing and the data must not be additionally processed in a manner that does not meet the purpose, for instance, for marketing purposes.

By implementing a comprehensive program for employee education and training, the Compliance Officer must make sure that Company employees are fully aware of their legal obligations under the AML/CTF regime.

The needs of the Company determine the timing and subject matter of the training that is offered. According to changes in legal and/or regulatory requirements, employee responsibilities, and any other modifications to the business model, the frequency of training may change. The training program's objective is to inform the company's employees of the most recent advancements in the fight against money laundering and terrorist financing, as well as the trends and techniques that can be used to achieve this.

Cooperation and information exchange.

The Company complies with the duties, obligations, and limitations imposed by law in order to work with regulatory and law enforcement authorities in preventing money laundering and terrorist financing. To this end, the Company shares information that is available to it and responds to inquiries promptly. Contact us at if you have any pertinent requests. Please be aware that the Mutual Legal Assistance Treaty (MLAT) procedure may be applicable if you are representing a law enforcement agency from outside the European Union.

12/06/2023 – v.1.0