GROW420 OÜ has put in place an Anti-Money Laundering /Counter-Terrorist
Financing Policy and a Know Your Customer Policy (collectively, the “AML Policies”).
The Policies are revisited periodically and amended from time to time based on prevailing
industry standards and international regulations designed to facilitate the prevention of
illicit activity including money laundering and terrorist financing. All senior management and
employees of the GROW420 OÜ are required to acknowledge and be familiar with the Policies.
The Policies are designed to lay down a framework to:
a. prevent GROW420 OÜ from being used, intentionally or unintentionally, by criminal elements
for money laundering or financing terrorist activities;
b. enable GROW420 OÜ to know/understand its customers, clientele, contributors, business associates,
and other contacts with which GROW420 OÜ has any financial dealings with (collectively, “Dealing Entities”)
and their financial background and source of funds better, which in turn would help it to manage its risks prudently;
c. put in place appropriate controls for detection and reporting of suspicious activities in accordance with
applicable laws, procedures and regulatory guidelines; and
d. equip employees of GROW420 OÜ with the necessary training and measures to deal with matters concerning
KYC/AML procedures and reporting obligations.
THE POLICIES RISK-BASED APPROACH
GROW420 OÜ shall adopt and maintain a Risk-Based Approach (“RBA”) towards assessing and
containing the money laundering and terrorist financing risks to GROW420 OÜ arising any
transactions it has with Dealing Entities. The guidelines are as follows:
a. Before entering into any transaction or proposed transaction,
necessary checks shall be conducted in line with the RBA so as to
ensure that the identity of the Dealing Entities or persons associated
with the entities does not match with any person with known criminal
background or with banned entities such as individual terrorists or
b. For the purpose of risk categorization of Dealing Entities, the relevant
information shall be obtained from the Dealing Entities at or before the
time of entering into the transaction or commencement of business
c. The risk categorization process for different types of Dealing Entities
may take into account the background of the Dealing Entities, nature of
business activity, location of Dealing Entities / activity and profile of
purchasers of any coin, country of origin, sources of funds, mode of
payments, volume of turnover, social and financial background.
d. The outcome of the risk categorization process shall be decided based
on the relevant information provided by the Dealing Entities at the time
of commencement of business relationship.
e. Enhanced due diligence would be required for higher risk Dealing
Entities, especially those for whom the sources of funds are not clear, or
for transactions of higher value and frequency, which shall be
determined by GROW420 OÜ at its sole and absolute discretion.
f. GROW420 OÜ must be able to satisfy the competent authorities
that due diligence was observed based on the risk profile of the Dealing
Entities in compliance with the relevant legislations in place.
g. If GROW420 OÜ deems necessary, GROW420 OÜ may appoint
a Third-Party KYC/AML specialist screening firm to ensure compliance
with prevailing regulations and GROW420 OÜ policies. GROW420 OÜ must be satisfied that such third party is adequately
regulated, supervised or monitored, and has measures in place for
compliance with Dealing Entities due diligence and record-keeping
requirements in line with the requirements and obligations under the
applicable regulations, and that the third party is not based in a country
or jurisdiction assessed as high-risk.
1. DURING THE CRYPTOCURRENCY PURCHASE:
a. Establishing and maintaining risk-based due diligence, identification,
verification and KYC procedures, including enhanced due diligence for
those Dealing Entities presenting higher risk, such as Politically
Exposed Persons (“PEPs”).
b. GROW420 OÜ should not allow the opening or maintenance of any
anonymous whitelist accounts in fictitious name or account on behalf of
other persons whose identity has not been disclosed or cannot be
c. The maintenance of appropriate records for the minimum prescribed
2. INTERNAL CONTROLS
a. GROW420 OÜ will develop and implement internal controls for the
purpose of ensuring that all of its operations comply with AML legal
requirements and that all required reports are made on a timely basis.
Some of those internal controls are listed within this document and may
include, but are not limited to, the Customer Identification Program, the
Suspicious Activity Reporting system, and the required reports on the
Policies’ effectiveness to the Board, all of which are set out in the
remainder of this Policies.
3. CUSTOMER IDENTIFICATION PROGRAM
a. The Customer Identification Program is to be carried out at the
following stages: (i) while establishing a business relationship; (ii)
before or during the carrying out of any financial transaction; and (iii)
when there is any doubt about the authenticity/veracity or the
adequacy of the previously obtained Dealing Entities’ identification
b. GROW420 OÜ will (i) require Dealing Entities to provide proof of identification; and (ii) not under
any circumstances permit any transaction above 500 EUR
monthly (1000 EUR annually) or its crypto currency or any other fiat currency equivalent to be made with
incomplete account-opening or background and identity
c. When there shall be any suspicion of money laundering or terrorism
financing activities, or where there shall be any doubt about the
adequacy or veracity of previously obtained Dealing Entities’
identification data, the due diligence measures shall be reviewed,
including verifying again the identity of the Participant and obtaining
information regarding the purpose and intended nature of the business
relationship with GROW420 OÜ.
4. PROOF OF IDENTIFICATION:
a. For natural persons, sufficient identification data shall be obtained to
- Full name
- Date of birth
- Nationality/ Citizenship
- Country of birth
- City or town of birth "Government-issued identification number
(where applicable): i.e. national identity number or Passport
- Residential address
- Verification of address is required by obtaining a copy of
acceptable address proof document (one or more, at the
discretion of GROW420 OÜ) issued in the 3 months
prior to establishing an account. The document must carry
the Participant's name and address.
- Permanent address (if different from residential)
- Correspondence address (if different from residential)
- Identification and Verification of authorized agents (e.g. any
power of attorney of the account)
b. For other legal entities, sufficient documentation shall be obtained to
- Government-issued identity documents (for connected parties)
- Address proof document for connected parties (issued within 3
months date received)
- Certificate of Incorporation/ or Certificate of Registration
- Company Search Report/ or Certificate of Incumbency (COI)
- M&AA/ Constitution/ Articles of Incorporation/ By-Laws
- Organization chart for ownership structure
- The standing of any person purporting to act on behalf of the legal
- The ownership and control structure of the legal entity, and to
determine who are the natural persons who ultimately control
the legal entity
- The Identification Data of the natural persons who ultimately
control the legal entity (see above)
- List of key controllers
- Trust Deed (If any)
- If partial Trust Deed is provided, this should include the front
page of the initial trust deed and the last pages of the latest Deed,
which should contain the following information;
- Appointment of current Trustees,
- Full name of the Trust and Trading As Name, and
- Trustees' signature (If any)
- Declaration of Trust (If any)
- Foundation Charter (If any)
- Declaration of Foundation (If any)
c. For other legal entities, sufficient documentation may (at GROW420 OÜ determination) be obtained to verify:Latest Annual Report
Partnership agreement (Full)
Partnership agreement (Partial) or Latest Annual Report
Evidence from reliable public sources e.g. extract of latest listed
stock register, indicating that the Participant is listed on a stock
exchange in a FATF member country
a. Documents used for whitelisting of an account must be verified
prior to the acceptance of the account into the whitelist.
Verification of identity may require multi-factor authentication,
layered security and other controls to ensure a meaningful user
identity confirmation process based on account size or other
b. The following are examples of verification methods GROW420 OÜ may use but is not an exhaustive list of
that GROW420 OÜ may request:
- Obtaining proof of address, such as a copy of a utility bill or
bank statement from the account holder.
- Comparing the identifying information with information
available from a trusted third-party source, such as a credit
report from a consumer-reporting agency.
- Analysing whether there is logical consistency between the
identifying information provided, such as the Dealing
Entities’ name, street address, postal code, telephone
number, date of birth, and social security number (logical
- Utilizing knowledge-based challenge questions.
- Utilizing complex device identification (such as “digital
fingerprints” or IP geo-location checks).
- Obtaining a notarized or certified true copy of an
individual’s birth certificate for valid identification.
6. SUSPICIOUS TRANSACTION AND ACTIVITY REPORTS
a. For the purpose of the Policies, a “Suspicious Transaction”
means a transaction or attempted transaction, which to a person
acting in good faith:
- gives rise to a reasonable ground of suspicion that it may
involve proceeds of criminal or other illicit activity,
regardless of the value involved;
- appears to be made in circumstances of unusual or
- appears to have no economic rationale or bona fide
- gives rise to a reasonable ground of suspicion that it may
involve financing of the activities relating to terrorism.
b. On going monitoring is an essential element of effective
implementation. GROW420 OÜ will diligently monitor
transactions for Suspicious Transactions and other suspicious
activity in relation to the sale of its crypto currency.
c. Internal controls will be implemented so that a monitoring
system is in place to reasonably detect such activity as it occurs.
When a suspicious activity is detected, GROW420 OÜ senior
management will make the decision as to whether the transaction
meets the definition of suspicious transaction or activity and
whether any filings with law enforcement authorities should be
filed. GROW420 OÜ reserves the right to report suspicious
transactions or activity to law enforcement authorities at its sole
d. GROW420 OÜ will maintain a copy of the filing as well as all
backup documentation. The fact that a filing has been made is
confidential. No one, other than those involved in the
investigation and reporting should be told of its existence. In no
event should the parties involved in the suspicious activity be
told of the filing. GROW420 OÜ may inform Company Board of
the filing and the underlying transaction.
7. MAINTAINING RECORDS
a. Reasonable procedures for maintaining records of the
information used to verify a person’s name, address and other
identifying information submitted for the purposes of
participating in the sale of the crypto currency are required
under this Policy. The following are required steps in the record
- GROW420 OÜ is required to maintain a record of
identifying information provided by the Dealing Entities.
- Where GROW420 OÜ relies upon a document to verify
identity, GROW420 OÜ must maintain a copy of the
document that GROW420 OÜ relied on that clearly
evidences the type of document and any identifying
information it may contain.
- GROW420 OÜ must also record the methods and result
of any additional measures undertaken to verify the
identity of the Dealing Entities.
- GROW420 OÜ must record the resolution of any
discrepancy in the identifying information obtained.
- All transaction and identification records will be
maintained for as long as reasonably necessary for the
purpose of conducting the TGE and to comply with
b. All information collected from the Participants will be subject
8. POST CRYPTO PURCHASE EVENT AND ON AN ON-GOING BASIS:
a. Establishing and maintaining the Policies towards assessing
and managing the money and terrorist financing risks to GROW420 OÜ.
b. Establishing and maintaining risk-based Dealing Entities due
diligence, identification, verification and KYC procedures,
including enhanced due diligence for those Dealing Entities
presenting higher risk, such as Politically Exposed Persons
c. Procedures for reporting suspicious fraudulent use of
identification documents to the relevant law enforcement
authorities as appropriate.
d. The maintenance of appropriate records for reasonable period
e. Providing appropriate management information and reporting
to senior management of GROW420 OÜ compliance with the
requirements of the Policies.
f. GROW420 OÜ may require purchasers of the any coins to
provide additional information or documentation to fulfil our
legal obligations and where it deems appropriate refuse any
Participant or transaction that is suspected of being related to