Policy overview

STIC LTD is a legal name of the company that is yet to be incorporated in Mauritius. STIC LTD may be referred to STICPAY or as the Company in the following text.

In terms of law, money laundering means legalizing the proceeds of crime, i.e. actions that conceal the source of funds in order to make their nature lawful.

Anti-money laundering (AML) incorporates a complex of measures aimed at prevention of use of the financial system of the country or any specific financial institution for money laundering or terrorist financing. Such measures and instruments are worked out and implemented by international and national institutions, banking and business community. That is why national and international laws make it illegal for STICPAY and its employees to be knowingly or recklessly engaged in any activity related to such illegally gained capital.

Implemented Procedures

STICPAY implements a strong anti-money laundering policy to ensure that its customers will be identified for such suspicions up to a certain standard to minimize the procedural complications for genuine and legitimate customers. In order to fulfil its commitment to provide full assistance to governments combating such illegal financial transactions, STICPAY has developed a technologically advanced and reliable electronic system, which completely verifies its client identity and is able to maintain a detailed record of all previous financial transactions.

STICPAY makes sure to track all suspicious activities and report any of these to the relevant law enforcement bodies. That is why complete legal protection is provided to clients who share confidential financial data with the Company.

To discourage money laundering and related illegal activities, STICPAY does not deal in cash transactions whether to deposit or withdraw funds. The Company reserves the right to suspend any transaction where it finds even a suspicion of money laundering.

STICPAY collects identification data of every Client, as well as IP addresses, online activity, communications and, in general, all transactions carried out by the Client.

STICPAY tracks, including auto-monitoring and auto-controlling, suspicious activities of the clients and transactions executed under unusual conditions. These include, butare not limited to, transactions that do not make economic sense, unexplained large transactions, transactions involving unidentified parties, investments related transactions of unclear nature. STICPAY reserves the right to ask supporting documentation for the suspicious transactions.

Users must notify STICPAY in case they identify any unauthorised transactions in their account. Enhanced Due Diligence is exercised on high-risk customers, high turnover customers and/or potential suspicious customers/transactions. The purpose of the transaction is established where applicable.

STICPAY improves its AML procedures continuously to monitor unlawful financial schemes.

STICPAY reserves the right to refuse to process a transaction at any stage, when we believe that the transaction is associated with money laundering or other criminal activity.

STICPAY complies with the legal requirements of Mauritius for anti-money laundering. In cases set forth in the relevant legal enactments, we cooperate with officials and government institutions of Mauritius, as well as other countries.

Jurisdiction and Sanction Lists

In line with these Procedures, the Company will assess whether the jurisdictions are to be considered as non-reputable jurisdictions or high-risk jurisdictions.

In its assessment, the Company will take into account any accreditation, declaration, public statement or report issued by an international organisation which lays down internationally accepted standards for the prevention of ML/FT, or which monitors adherence thereto, as well as whether the jurisdiction has been included by the International Organizations and local authorities in the list of high-risk 3rd countries.

STICPAY does not offer its services to residents of certain jurisdictions such as Cuba, Sudan, Syria and North Korea and listed / relevant parties of Consolidated United Nations Security Council Sanctions Lists and others that may be added to the restricted country list from time to time by the Chief Compliance Officer.

Non-acceptable use Policy

STICPAY has also an established non-acceptable use policy which clearly states the business models that will not be acceptable. Those include, but are not limited to:

  • Material which incites or promote violence and/or racism
  • Prescription drugs, illegal drugs
  • Illegal tobacco products
  • Firearms and weapons
  • Pornography, child pornography, adult material
  • Satellite and cable TV descramblers
  • Any fake or counterfeit government ID’s, Visas, Licenses or other
  • Any goods or services that infringe on the intellectual property rights of third parties
  • Pyramid or Ponzi scheme products or third-party payment processing or payment aggregation products, multi-level marketing and other “get-rich-quick” schemes or high yield investment programs
  • Prepaid or other stored value cards that are not associated with a merchant and/or are not limited to purchases of particular products or services
  • Unlicensed gambling services of any type

Non-acceptable customers/individuals

The Company will not establish a Business Relationship with customers / groups of customers that present unacceptably high risks. Customers whose acceptance must be refused, if they are natural persons or legal entities, must meet one or more of the following criteria:

  • Reside in countries considered sanctioned countries
  • The intended purpose of use of the account is defined as “Non-Acceptable”
  • Are included in National or Supra-National Sanctions lists as “Sanctioned person or entity”
  • There is available public information about involvement or investigation for drug manufacturing, drug trafficking, people smuggling, sexual servitude, illegal logging / phishing, fraud or organized theft, corruption
  • Fail or refuse to provide the Company with requested information or documents
  • Provide false or misleading information

Compliance Regime

Like other financial institutions, STICPAY has also set up a compliance regime in order to fulfil its formal legal requirements. This includes the appointment of a Compliance Officer, policy making, regular review of their implementation and impact and professional compliance training to staff members. STICPAY also ensures regular updating of its electronic systems to modern rules and regulations developed for more sophisticated checks to trace money laundering and other criminal financial practices. Professional training is provided to STICPAY’s employees to trace such illegal activities and to use modern technological systems, which constitutes part of STICPAY’s essential policies.

Additional Disclosure

Identification

The purpose of the Customer Due Diligence (or CDD in short) measures is to assist STICPAY to identify and verify information on customers so that the Company may establish the amount of risk these customers pose in regard money laundering and funding of terrorism.

The level of intensity of CDD is applied in accordance with the customer risk assessment. CDD is not only applied at the customer acceptance stage but also on an ongoing basis.

The Company operates an online payment intermediary business which doesn’t accept cash as a means of payment and only accepts non-face-to-face customers. It generally accepts both natural persons and companies as customers to register an account with the Company and simultaneously agrees to the Company’s terms and conditions, and thus the Company enters into a business relationship with all its customers, as opposed to carrying out any occasional transactions. All customers’ accounts shall be held in the name of applicant and the Customer confirms that it is acting on its own behalf. No anonymous accounts or fictitious names shall be used.

In applying CDD measures the Company is provided with a mechanism to enable it to satisfy its obligations under the Implementing Procedures relating to:

  1. Identification of the customer as the beneficial owner;
  2. Customer screening;
  3. Verification of the customer as the beneficial owner
  4. Establishing the source of wealth and source of funds;
  5. Obtaining information on the purpose and intended nature of the business relationship and the business and risk profile of the customer; and
  6. Monitoring the business relationship on an ongoing basis.

The Company shall apply CDD measures in the following instances:

  • When establishing a business relationship;
  • When the Company has knowledge or suspicion of proceeds of criminal activity, ML/FT, regardless of any derogation, exemption or threshold that would otherwise be applicable;
  • To existing customers, at appropriate times and on a risk-sensitive basis, including at times when the Company becomes aware that the relevant circumstances surrounding a business relationship have changed;
  • When doubts arise about the veracity or adequacy of previously obtained customer identification information.

A detailed description of the identification of a client – natural person without his (her) simultaneous physical presence.

The customer will have to fill in the questionnaire provided by STICPAY and submit his/her face and ID picture using the Ondato solution.

Ondato technology (a mobile application used for non-face-to-face identification where the facial image of the customer and the original of the identity document shown by the customer are captured by means of live image transmission), ensures that:

  • A picture of the customer’s facial image is taken from the front;
  • Image of the customer’s ID document is captured. In case of identity card both sides are captured and in case of showing a passport, the page of the document containing the customer’s data and photograph is captured;
  • Ondato mobile application ensures that the image capturing process is continuous and real-time only. In case of any disruptions, the process is terminated and my only be restarted;
  • Information from the presented ID is clearly readable and the features of the person’s photograph is on the ID are clearly visible and do not raise any doubts to STICPAY;
  • Ondato solution checks if the ID has not been counterfeited, altered or photoshopped;
  • After the above actions are performed by Onfido, the Company shall review the video to ensure that the customer acts on his/her own behalf.

If the non-face-to-face identification process does not meet the requirements indicated above, the procedure to establish the customer’s identity must be repeated.

STICPAY shall be entitled to request additional documents to the extent satisfactory to STICPAY and/or the hard copies of the documents already submitted to be sent to the address indicated by STICPAY.

STICPAY shall establish if the customer is not a politically exposed person.

STICPAY shall compose the customer’s portrait for further monitoring purposes.

During establishment of the identity, STICPAY shall also assess if there is a necessity to apply the enhanced due diligence. If that will be required, respective measures shall be applied.

Enhanced Due Diligence (EDD)

The Company will apply EDD measures on a risk-sensitive basis in those situations which, by their nature, represent a higher risk of money launder or financing terrorists (ML/ FT). In essence, EDD measures are additional measures to the CDD measures, which are to be applied in order to ensure that the higher risks presented by certain customers, products, services or transactions are better monitored and managed to avoid any involvement in ML/FT. It is mandatory for EDD measures to be applied in any situation that presents a higher risk of ML/FT. For higher risk scenarios, as determined by the CRA CAP Manual, the Company shall apply EDD which will include a request for additional information and/or documentation from a Customer.

The Company is required to use its discretion in applying enhanced due diligenceEDD measures in other situations which, by their nature, can pose a higher risk of ML/FT, with the exception of those other situations, where the application of specific EDD measures to be undertaken is required in terms of law independently of the actual risk presented. These other situations which are mandated by law to pose a higher risk and concern the Company are:

  • Politically Exposed Person (“PEP”);
  • Transactions that are complex, unusually large, conducted in an unusual pattern, or have no apparent economic or lawful purpose; and
  • Occasional transactions or business relationships or transactions which involve non-reputable jurisdictions. Complex or Large Transactions;
  • Correspondent relationships; and
  • Jurisdiction & Sanctions Lists

A description of the enhanced due diligence of a client – natural and legal person.

While performing EDD in relation to establishment of business relationship with the clients natural persons who are either citizens or are residing or corporate clients are established in high-risk jurisdictions, the Company shall be obliged:

  1. To obtain additional information about the client and the beneficiary;
  2. To obtain additional information on the intended nature of the business relationship;
  3. To obtain information on the source of funds and assets of the client and the beneficiary;
  4. To obtain information on the reasons for intended transactions;
  5. To obtain the approval of the senior manager to establish business relations with such clients or the approval to continue business relations with such clients;
  6. To carry out enhanced ongoing due diligence of business relationship with such client, increasing the number and terms of the applied control measures and selecting the types of transactions that will be further investigated;

Complex and/or Large Transactions

The Company as far as reasonably practicable, shall examine the purpose and background of all complex and unusually large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose. The degree and nature of the monitoring of such transactions and the business relationship within which such transactions are being undertaken shall be increased in order to ascertain whether such transactions or activities are suspicious of ML/FT activities.

In view of the above paragraph the Company will pay special attention to the following non- exhaustive list of transactions:

  • Depositing funds and immediately withdrawing them without any reasonable explanation;
  • Early withdrawals requests;
  • Transfer funds deposited via a different payment method than was originally used to carry out an initial transaction.
  • Complex or large transactions;
  • Customer carries out transactions which seem to be disproportionate to his wealth, or known income or financial situation.

Customers who refuse to provide information

In the situation where the Company is unable to complete CDD due to the refusal of a Customer to provide the necessary documentation and information, the Company, in line with the standards and internal policies shall:

  • Not carry out anymore transaction through its accounts;
  • Not establish the business relationship or carry out an occasional transaction;
  • Terminate the business relationship with the client and;
  • Consider its regulatory reporting obligations.

Deposits and Withdrawals

In case of money deposits, the sender’s name must match the name of the customer present in STICPAY record. No third-party mediation is allowed in this case so Mr. A cannot deposit money from his name for Mr. B. Similarly, in case of a money withdrawal, the recipient’s name must match the name of the account holder they are withdrawing money from. If the transaction is online money, then funds will only be withdrawn through the same online transfer system to the same account from where it has been transferred.

Reporting

The Company has internal and external reporting procedures in place for reporting to the authorities any knowledge or suspicion of ML/FT, and any knowledge or suspicion that funds or property are the proceeds of criminal activity.

In fact, the MLRO’s core functions centre around reporting and are listed below:

  • Receiving from the Company’s employees reports of knowledge or suspicion of ML/FT or that a person may have been, is or may be connected with ML/FT from the Company’s employees;
  • Considering such reports to determine whether knowledge or suspicion of ML/FT subsists or whether a person may have been, is or may be connected with ML/FT;
  • Reporting knowledge or suspicion of ML/FT or of a person’s connection with ML/FT to the authorities; and
  • Responding promptly to any request for information made by the relevant authorities.

The MLRO is able to communicate directly with the Board of Directors and has the authority to act independently in carrying out his responsibilities and has full and unlimited access to all records, data, documentation and information of the Company for the purposes of fulfilling his responsibilities.

It is within the MLRO’s remit only to consider internal reports of ML/FT and decide whether there are sufficient grounds for filing an STR to the relevant authorities.

Internal and External Reporting Procedures

The internal reporting procedures clearly set out the steps to be followed when an employee of the Company knows or suspects that a person or a transaction is connected to ML/FT.

After considering the internal report and all the necessary documentation, where the MLRO determines that the Company knows, suspects or has reasonable grounds to suspect that:

  • knows,
  • suspects; or
  • has reasonable grounds to suspect that:
    • a transaction may be related to ML/FT; or
    • a person may have been, is, or may be connected with ML/FT; or
    • ML/FT has been, is being, or may be committed or attempted,

The MLRO must file a STR with the relevant authorities. In so doing, the MLRO is not to disclose the name of the employee who made the internal report.

Record Keeping

The retention of records is not only intended to show that the Company complied with its obligations at law but also to assist the relevant supervisory authorities and law enforcement agencies in the prevention, detection, analysis or investigation of possible ML/FT.

The Company must retain records of any business relationship they enter into and of any transaction they carry out, be it an occasional transaction or a transaction that takes place within the context of a business relationship.

These records are to include any documentation and information produced or obtained in complying with the Company’s obligations under the regulations and any Implementing Procedures issued thereunder. These records are not only intended to show that the Company person complied with its obligations at law but are also essential for a Company to effectively discharge certain aspects of its AML/CFT obligations like the carrying out, or revision, of its business risk assessment and the carrying out of ongoing monitoring.

The Company is committed in keeping the following records:

  • Records of the actions taken to adopt and implement the risk-based approach, which are to include the following:
    • a copy of the Business Risk Assessment, changes thereto, as well as a record of any decision taken with respect to that assessment;
    • a copy of the subject person’s most recent controls, policies, measures and procedures; and
    • a copy of each assessment carried out by the subject person as is referred to in and of any revision/s thereof.
  • The CDD information and documents obtained for identification and verification of identity purposes. The records to be maintained are to include the following:
    • where the Company view the original CDD documents , signed and dated by an officer of the subject person or a scanned copy retained by making use of the electronic system;
    • when the Company use video conferencing tools, identity verification software, or E-IDs to verify the identity of any individual, the records listed in those sub-sections should be retained;
    • when the verification of the residential address of any individual is carried out by visiting that individual at the address indicated, a record of the visit should be maintained;
    • when verification of the residential address of any individual is carried out by sending correspondence or codes via registered mail or other mail courier service, the records listed in that section should be retained;
  • Records containing details relating to the business relationship that is formed and all transactions carried out in the course of a business relationship or an occasional transaction. These records are to include the following:
    • information gathered to establish the business and risk profile;
    • files related to accounts held by the Company, where applicable, and all business correspondence of the Company exchanged in the course of a business relationship or in carrying out an occasional transaction;
    • any supporting evidence and records necessary to reconstruct all transactions carried out or facilitated by that subject person in the course of a business relationship or any occasional transaction.

Such records should either consist of original documents or copies that are admissible in court proceedings.

The Company should also retain the following records required as evidence of compliance with the PMLFTR and for statistical purposes:

  • Internal reports made to the MLRO;
  • A record of any written determinations made by the MLRO and the designated employee, including the reasons for not filing an STR with the relevant authorities;
  • STRs made by the Company to the relevant authorities and any follow-up submissions made in connection thereto;
  • A record of AML/CFT training attended by sole practitioners/provided to employees;
  • Records of conduct certificates or other documentation obtained in carrying out employee screening;
  • Records of any outsourcing agreements entered into and other documentation that provides evidence of the Company’s adherence to its obligations under Chapter 6 of the Implementing Procedures;
  • Records of any reliance agreements entered into and of any related assessments undertaken on the other subject person or third party in terms of Section 4.10 of the Implementing Procedures; and
  • Other important records, including:
    • Any reports by the MLRO or the Monitoring Function made to senior management for the purposes of complying with the obligations under the regulations, such as recommendations on internal procedures, correspondent banking relationships, PEPs, among others;
    • Records of consideration of those reports made to senior management and of any action taken as a consequence thereof;
    • Records of any internal audit reports or assessments dealing with AML/CFT issues; and
    • Any other records that are necessary to demonstrate compliance with the obligations under the regulations and any Implementing Procedures.

The above records and documents will be retained for a period of at least 7 years.