AML & KYC Policy

GROW420 OÜ has put in place an Anti-Money Laundering /Counter-Terrorist Financing Policy and a Know Your Customer Policy (collectively, the “AML Policies”). The Policies are revisited periodically and amended from time to time based on prevailing industry standards and international regulations designed to facilitate the prevention of illicit activity including money laundering and terrorist financing. All senior management and employees of the GROW420 OÜ are required to acknowledge and be familiar with the Policies.
The Policies are designed to lay down a framework to:
a. prevent GROW420 OÜ from being used, intentionally or unintentionally, by criminal elements for money laundering or financing terrorist activities;
b. enable GROW420 OÜ to know/understand its customers, clientele, contributors, business associates, and other contacts with which GROW420 OÜ has any financial dealings with (collectively, “Dealing Entities”) and their financial background and source of funds better, which in turn would help it to manage its risks prudently;
c. put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws, procedures and regulatory guidelines; and
d. equip employees of GROW420 OÜ with the necessary training and measures to deal with matters concerning KYC/AML procedures and reporting obligations.
THE POLICIES RISK-BASED APPROACH
GROW420 OÜ shall adopt and maintain a Risk-Based Approach (“RBA”) towards assessing and containing the money laundering and terrorist financing risks to GROW420 OÜ arising any transactions it has with Dealing Entities. The guidelines are as follows:
a. Before entering into any transaction or proposed transaction, necessary checks shall be conducted in line with the RBA so as to ensure that the identity of the Dealing Entities or persons associated with the entities does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations.
b. For the purpose of risk categorization of Dealing Entities, the relevant information shall be obtained from the Dealing Entities at or before the time of entering into the transaction or commencement of business relationship.
c. The risk categorization process for different types of Dealing Entities may take into account the background of the Dealing Entities, nature of business activity, location of Dealing Entities / activity and profile of purchasers of any coin, country of origin, sources of funds, mode of payments, volume of turnover, social and financial background.
d. The outcome of the risk categorization process shall be decided based on the relevant information provided by the Dealing Entities at the time of commencement of business relationship.
e. Enhanced due diligence would be required for higher risk Dealing Entities, especially those for whom the sources of funds are not clear, or for transactions of higher value and frequency, which shall be determined by GROW420 OÜ at its sole and absolute discretion.
f. GROW420 OÜ must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the Dealing Entities in compliance with the relevant legislations in place.
g. If GROW420 OÜ deems necessary, GROW420 OÜ may appoint a Third-Party KYC/AML specialist screening firm to ensure compliance with prevailing regulations and GROW420 OÜ policies. GROW420 OÜ must be satisfied that such third party is adequately regulated, supervised or monitored, and has measures in place for compliance with Dealing Entities due diligence and record-keeping requirements in line with the requirements and obligations under the applicable regulations, and that the third party is not based in a country or jurisdiction assessed as high-risk.
1. DURING THE CRYPTOCURRENCY PURCHASE:
a. Establishing and maintaining risk-based due diligence, identification, verification and KYC procedures, including enhanced due diligence for those Dealing Entities presenting higher risk, such as Politically Exposed Persons (“PEPs”).
b. GROW420 OÜ should not allow the opening or maintenance of any anonymous whitelist accounts in fictitious name or account on behalf of other persons whose identity has not been disclosed or cannot be verified.
c. The maintenance of appropriate records for the minimum prescribed periods.
2. INTERNAL CONTROLS
a. GROW420 OÜ will develop and implement internal controls for the purpose of ensuring that all of its operations comply with AML legal requirements and that all required reports are made on a timely basis. Some of those internal controls are listed within this document and may include, but are not limited to, the Customer Identification Program, the Suspicious Activity Reporting system, and the required reports on the Policies’ effectiveness to the Board, all of which are set out in the remainder of this Policies.
3. CUSTOMER IDENTIFICATION PROGRAM
a. The Customer Identification Program is to be carried out at the following stages: (i) while establishing a business relationship; (ii) before or during the carrying out of any financial transaction; and (iii) when there is any doubt about the authenticity/veracity or the adequacy of the previously obtained Dealing Entities’ identification data.
b. GROW420 OÜ will (i) require Dealing Entities to provide proof of identification; and (ii) not under any circumstances permit any transaction above 500 EUR monthly (1000 EUR annually) or its crypto currency or any other fiat currency equivalent to be made with incomplete account-opening or background and identity verification information.
c. When there shall be any suspicion of money laundering or terrorism financing activities, or where there shall be any doubt about the adequacy or veracity of previously obtained Dealing Entities’ identification data, the due diligence measures shall be reviewed, including verifying again the identity of the Participant and obtaining information regarding the purpose and intended nature of the business relationship with GROW420 OÜ.
4. PROOF OF IDENTIFICATION:
a. For natural persons, sufficient identification data shall be obtained to verify:
  • Full name
  • Date of birth
  • Nationality/ Citizenship
  • Country of birth
  • City or town of birth "Government-issued identification number (where applicable): i.e. national identity number or Passport number"
  • Gender
  • Residential address
  • Verification of address is required by obtaining a copy of acceptable address proof document (one or more, at the discretion of GROW420 OÜ) issued in the 3 months prior to establishing an account. The document must carry the Participant's name and address.
  • Permanent address (if different from residential)
  • Correspondence address (if different from residential)
  • Identification and Verification of authorized agents (e.g. any power of attorney of the account)
b. For other legal entities, sufficient documentation shall be obtained to verify:
  • Name
  • Government-issued identity documents (for connected parties)
  • Address proof document for connected parties (issued within 3 months date received)
  • Certificate of Incorporation/ or Certificate of Registration
  • Company Search Report/ or Certificate of Incumbency (COI)
  • M&AA/ Constitution/ Articles of Incorporation/ By-Laws
  • Organization chart for ownership structure
  • The standing of any person purporting to act on behalf of the legal entity
  • The ownership and control structure of the legal entity, and to determine who are the natural persons who ultimately control the legal entity
  • The Identification Data of the natural persons who ultimately control the legal entity (see above)
  • List of key controllers
  • Trust Deed (If any)
  • If partial Trust Deed is provided, this should include the front page of the initial trust deed and the last pages of the latest Deed, which should contain the following information;
  • Appointment of current Trustees,
  • Full name of the Trust and Trading As Name, and
  • Trustees' signature (If any)
  • Declaration of Trust (If any)
  • Foundation Charter (If any)
  • Declaration of Foundation (If any)
c. For other legal entities, sufficient documentation may (at GROW420 OÜ determination) be obtained to verify:
  • Latest Annual Report
  • Partnership agreement (Full)
  • Partnership agreement (Partial) or Latest Annual Report
  • Evidence from reliable public sources e.g. extract of latest listed stock register, indicating that the Participant is listed on a stock exchange in a FATF member country
  • 5. VERIFICATION
    a. Documents used for whitelisting of an account must be verified prior to the acceptance of the account into the whitelist. Verification of identity may require multi-factor authentication, layered security and other controls to ensure a meaningful user identity confirmation process based on account size or other factors.
    b. The following are examples of verification methods GROW420 OÜ may use but is not an exhaustive list of the documents that GROW420 OÜ may request:
    • Obtaining proof of address, such as a copy of a utility bill or bank statement from the account holder.
    • Comparing the identifying information with information available from a trusted third-party source, such as a credit report from a consumer-reporting agency.
    • Analysing whether there is logical consistency between the identifying information provided, such as the Dealing Entities’ name, street address, postal code, telephone number, date of birth, and social security number (logical verification).
    • Utilizing knowledge-based challenge questions.
    • Utilizing complex device identification (such as “digital fingerprints” or IP geo-location checks).
    • Obtaining a notarized or certified true copy of an individual’s birth certificate for valid identification.
    6. SUSPICIOUS TRANSACTION AND ACTIVITY REPORTS
    a. For the purpose of the Policies, a “Suspicious Transaction” means a transaction or attempted transaction, which to a person acting in good faith:
    • gives rise to a reasonable ground of suspicion that it may involve proceeds of criminal or other illicit activity, regardless of the value involved;
    • appears to be made in circumstances of unusual or unjustified complexity;
    • appears to have no economic rationale or bona fide purpose; and
    • gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
    b. On going monitoring is an essential element of effective implementation. GROW420 OÜ will diligently monitor transactions for Suspicious Transactions and other suspicious activity in relation to the sale of its crypto currency.
    c. Internal controls will be implemented so that a monitoring system is in place to reasonably detect such activity as it occurs. When a suspicious activity is detected, GROW420 OÜ senior management will make the decision as to whether the transaction meets the definition of suspicious transaction or activity and whether any filings with law enforcement authorities should be filed. GROW420 OÜ reserves the right to report suspicious transactions or activity to law enforcement authorities at its sole discretion.
    d. GROW420 OÜ will maintain a copy of the filing as well as all backup documentation. The fact that a filing has been made is confidential. No one, other than those involved in the investigation and reporting should be told of its existence. In no event should the parties involved in the suspicious activity be told of the filing. GROW420 OÜ may inform Company Board of the filing and the underlying transaction.
    7. MAINTAINING RECORDS
    a. Reasonable procedures for maintaining records of the information used to verify a person’s name, address and other identifying information submitted for the purposes of participating in the sale of the crypto currency are required under this Policy. The following are required steps in the record keeping process:
    • GROW420 OÜ is required to maintain a record of identifying information provided by the Dealing Entities.
    • Where GROW420 OÜ relies upon a document to verify identity, GROW420 OÜ must maintain a copy of the document that GROW420 OÜ relied on that clearly evidences the type of document and any identifying information it may contain.
    • GROW420 OÜ must also record the methods and result of any additional measures undertaken to verify the identity of the Dealing Entities.
    • GROW420 OÜ must record the resolution of any discrepancy in the identifying information obtained.
    • All transaction and identification records will be maintained for as long as reasonably necessary for the purpose of conducting the TGE and to comply with applicable regulations.
    b. All information collected from the Participants will be subject to GROW420 OÜ privacy policy, which is announced from time-to-time.
    8. POST CRYPTO PURCHASE EVENT AND ON AN ON-GOING BASIS:
    a. Establishing and maintaining the Policies towards assessing and managing the money and terrorist financing risks to GROW420 OÜ.
    b. Establishing and maintaining risk-based Dealing Entities due diligence, identification, verification and KYC procedures, including enhanced due diligence for those Dealing Entities presenting higher risk, such as Politically Exposed Persons (PEPs).
    c. Procedures for reporting suspicious fraudulent use of identification documents to the relevant law enforcement authorities as appropriate.
    d. The maintenance of appropriate records for reasonable period of time.
    e. Providing appropriate management information and reporting to senior management of GROW420 OÜ compliance with the requirements of the Policies.
    f. GROW420 OÜ may require purchasers of the any coins to provide additional information or documentation to fulfil our legal obligations and where it deems appropriate refuse any Participant or transaction that is suspected of being related to financial crime.