Anti-Money Laundering and Anti-Terrorism Financing Policy

General Provisions

0. Rocken is operated by Payean Finance Inc. (hereinafter — the Company), company number BC1333355, registered at 1771, Robson Street, 1373, Vancouver BC V6G 1C9, Canada, is a licensed provider of money service business (MSB), licensed by the FINTRAC Canada, MSB registration number: M21940685.

1. The Company shall comply with the requirements contained in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations, as well as the requirements of other laws and regulations to the extent in which they relate to the Company’s operations.

2. The Company adheres to the policies and procedures outlined in this document (hereinafter – the AML Policy).

3. The Company develops this AML Policy, introduces amendments and additions to it at its own discretion, and oversees compliance with its provisions and requirements. The Company also adopts internal policies and procedures to ensure compliance with anti-money laundering and terrorist financing laws.

4. The current version of the AML Policy is always available on the website at: https://rocken.com/en/aml.

5. The Customer shall read the AML Policy before accepting the Rocken System Terms and Conditions (hereinafter – Terms and Conditions), published at: https://rocken.com/en/agreement. Acceptance by the Customer of the Terms and Conditions, as well as the performance by the Customer, who previously accepted the Agreement, of transactions in the Rocken System, means the Customer's consent to all the provisions of the current version of this AML Policy.

Chief Compliance Officer

1. The Company appoints the Chief Compliance Officer to implement and monitor performance of the procedures reflected in the AML Policy.

2. The Chief Compliance Officer is responsible for the collection, analysis, and investigation of information on any suspicious activities and the training of the Company’s employees pertaining to the relevant procedures; the Chief Compliance Officer shall determine the procedures and rules for carrying out Customers’ identification, reviewing and monitoring unusual transactions and technical features of the Company’s implementation of this AML Policy.

Customer Identification Policy

1. The Company uses specific procedures for identification and verification of Customers.

2. From Customers who request demo access to Rocken (financial transactions are not available), the Company requests only the name and email address.

3. In order to get full access to Rocken services, Customers are subject to identification procedure. For the purposes of Customers’ identification, the Company requests the following:

   • proof of identity document (passport, driving licence, national identity card, etc.);
   • proof of address (bank statement, utility bill, etc.);
   • phone number verification by receiving a code via SMS;
   • requires to undergo a liveness check via KYC service provider.

‘Know Your Customer’ Verification Procedures

1. The Company conducts the Know Your Customer (KYC) verification procedures to avoid the risk of being held liable and to protect Customers and itself from a Customer’s attempts to use the services for carrying out illegal activities.

2. As part of the KYC procedures, the Company evaluates Customers’ transactions, as well as collects and stores information on the essential facts pertaining to Customers, potential Customers, and their transactions.

3. After carrying out the identification procedures pertaining to a Customer, the Company stores the information obtained in this Customer’s file. The Company retains information on potential Customers to whom access to the services was denied due to AML policy and procedures.

4. The Company is committed to protecting Customers’ privacy rights and the confidentiality of their personal data. The Company collects personal data from Customers only to the extent necessary to ensure the Company is properly providing services to Customers and to comply with the applicable laws. Such personal data of Customers and former Customers may be disclosed to third parties only in a limited number of circumstances, in accordance with the applicable laws and agreements between the Company and the Customer. Privacy Notice is available here: https://rocken.com/en/privacy-notice.

5. The Company shall carefully maintain Customers’ files, including statements, transaction reports, receipts, notes, internal correspondence, and any other documents related to the Customer both in the electronic and paper format for a period of 5 (five) years from the date of the relevant transaction, and for the 5 (five) years from the moment business relations are terminated, whatever is later.

Transaction monitoring and processing

1. The Company applies various checking and monitoring algorithms to make sure all required KYC procedures are executed in a timely manner, persons with limitations (sanctions list and politically exposed persons screening) are detected, and comprehensive automated online monitoring is carried out.
2. Financial data analysis includes several major components:
   • Monitoring of sanctions lists;
   • Monitoring of user activity and user system environment;
   • Transaction monitoring;
   • Analysis of remaining balances, exchange rate fluctuations and other aspects;
   • Tools enhancing manual data analysis possibilities.
3. The Company applies risk-based approach to define account and transaction risk level. The Company has implemented automated risk assessment system (RAS) to analyse the risk profile of the users and ongoing transactions to prevent illegal and fraudulent activities. However, any significant decisions that may impact the Customer are subject to a manual review.

Identification and Detection of Suspicious Activities

1. The Company understands the importance of identifying and detecting suspicious activity through monitoring and reviewing the activity of customer transactions. Any financial transaction that may be related to money laundering activities shall be considered to be suspicious activities.

2. Grounds for determining that a specific transaction is suspicious may be personal observations and experience of the Company’s employees, as well as information received or identified. Suspicious activity includes a transaction that any employee knows or suspects to: involve proceeds from an illegal activity; evade currency transaction reporting requirements; vary significantly from the customer’s normal transactions; a third party gained access to the customer's account or the activities are performed under instructions of a third party; or has no business or apparent lawful purpose and the Company knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

3. The Company will apply enhanced scrutiny to manually monitor customer transactions, in a manner reasonably designed to detect money laundering and suspicious activity. To identify suspicious transactions, the Company is entitled to perform enhanced due diligence measures and request additional information from the Customer confirming the economic purpose of the transaction and the origin of funds.

4. The Chief Compliance Officer shall continuously monitor and update the systems used by the Company to detect suspicious activities.

5. In accordance with the applicable laws of Canada and the requirements of international organizations, the Company may, where appropriate and without the obligation of obtaining the Customer’s approval or notifying the Customer, notify regulating and/or law enforcement agencies of any suspicious transactions.

6. Different requirements for reporting suspicious transactions may depend on the nature and amount of a transaction.

7. The Company shall periodically refer to and consult the lists published by the authorities of Canada, other countries and international organizations that contain lists of known terrorists or persons suspected of terrorist activities, terrorist organizations, high-risk countries, a limited list of countries subject to the OFAC sanctions, jurisdictions that do not provide sufficient level of anti-money laundering procedures, as well as countries subject to sanctions to determine whether the Company’s Customer or potential Customer, and/or such Customer’s country of jurisdiction is included in the above lists.

8. The Company continuously conducts check against the Sanctions lists:

• UN Sanctions;
• Interpol Red List;
• HM Treasury;
• US OFAC Sanctions;
• UK Sanctions;
• EU Consolidated list of Sanctions.

9. The Company shall continuously conduct due diligence procedures pertaining to its Customers and scrutinize transactions carried out by them to ensure these transactions’ compatibility with the Company’s knowledge of its Customers, their business and, when necessary, their source of funds.

Third Parties

1. To perform some services and conduct business activities, the Company uses third-party service providers. The company shall try to determine, during the initial and ongoing due diligence process, to the extent possible whether there are any initiated investigations and filed lawsuits against any such third-party service providers. The company shall also determine whether a third-party provider has obtained all the necessary licences, permits, and approvals before establishing a business relationship with such third-party service provider.

2. Regarding its own staff, the Company shall carefully review all candidates for employment and determine whether the activities of a new employee fall in the category that is susceptible to money laundering activities. In addition, the Company has prepared and implements a number of personnel training programs on customer identification procedures and prevention of money laundering activities.

Civil and Criminal Penalties

1. Government authorities and international organizations may impose severe civil and criminal penalties against any person who violates the laws and regulations referred to in paragraph 1.2 of the AML Policy. Such civil and criminal penalties may include fines in the amount of up to millions of dollars, and the term of criminal punishment may be up to 10 (ten) years in prison. In addition, government authorities may confiscate any property involved in criminal violation of these laws and regulations, including companies, bank accounts, or any other assets that may be associated with criminal violations.

Compliance Statement

1. The Customer certifies that he/she has read and understood this AML Policy, and that they shall operate in full compliance with the requirements and standards outlined in the AML Policy and comply with all applicable laws and other regulations and requirements governing its activities as a customer.

2. The Customer acknowledges that he/she is responsible for his/her actions in accordance with the effective laws in the field discussed in this AML Policy and shall bear responsibility pertaining to failure to comply with such laws.