Menu
1. In its business operations, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. provides services that could potentially be misused by customers for legitimizing proceeds from criminal activities or financing terrorism. To effectively mitigate, reduce, or prevent such illicit activities, the legal regulations of the Republic of Poland impose numerous obligations on WINTERFOX SOLUTIONS POLAND Sp. z.o.o..
2. In response, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. has established this binding document – the System of Internal Regulations, Procedures, and Control Measures – to incorporate these mandatory requirements into the services it offers. Simply put, the legitimization of criminal proceeds (commonly referred to as “money laundering”) involves customers using WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s services to conceal the illicit origin of their assets or make them harder to trace.
3. The methods used for money laundering are often similar to those used for financing terrorism, which requires tackling both issues through almost identical means. Comparable regulations apply to similar businesses in Poland and abroad, as money laundering and terrorism financing are international problems.
4. Additionally, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. is required to implement sanction measures, like other companies, imposed by the Republic of Poland on various individuals and entities. This includes conducting regular checks to determine whether a customer is subject to international sanctions and adhering to the procedures outlined in this document.
5. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. Spółka z ograniczoną odpowiedzialnością (hereinafter: “WINTERFOX SOLUTIONS POLAND Sp. z.o.o.”), is legal entity incorporated by law of Republic of Poland and entered into Commercial Register under KRS number: 0000984493, held by District Court for the city ADDRESS.
6. The issue of anti-money laundering and counteracting terrorism has been regulated in:
7. Money laundering shall be understood as the act referred to in Article 299 of the Act of 6 June 1997 – Polish Penal Code, that is:
Art. 299
§1. Anyone who receives, transfers or transports abroad, or assists in the transfer of title or possession of legal tender, securities or other foreign currency values, property rights or real or movable property obtained from the profits of offences committed by other people, or takes any other action that may prevent or significantly hinder the determination of their criminal origin or place of location, their detection or forfeiture, is liable to imprisonment for between six months and eight years.
§2. Anyone who, as an employee of a bank, financial or credit institution, or any other entity legally obliged to register transactions and the people performing them, unlawfully receives a cash amount of money or foreign currency, or who transfers or converts it, or receives it under other circumstances raising a justified suspicion as to its origin from the offences specified in §1, or who provides services aimed at concealing its criminal origin or in securing it against forfeiture, is liable to the penalty specified in §1.
8. Terrorist financing shall be understood as the act referred to in Article 165a of the Act of 6 June 1997 – Polish Penal Code; that is:
Art. 165a
Anyone who collects, transfers or offers means of payment, financial instruments, securities, foreign exchange, property rights or other movable or immovable property in order to finance a terrorist offence is liable to imprisonment for between two and 12 years.
9. The purpose of money laundering is to move the proceeds of criminal activity into the legitimate financial system and business cycle. Specific legal criteria for when money laundering is considered an offense are outlined in the Law.
10. The money laundering process consists of three stages: placement, layering, and integration:
11. a. Placement: Involves introducing cash or other physical assets obtained from illegal activities into financial or non-financial institutions.
12. b. Layering: This stage separates criminal proceeds from their source by using layers of complex financial transactions designed to obscure the audit trail, conceal the origin of the funds, and provide anonymity.
13. c. Integration: Laundered funds are reintroduced into the economy, appearing as legitimate funds within the financial system. Financial and non-financial institutions may be exploited at any stage of the money laundering process.
14. Money laundering is considered an offense regardless of whether the specific crime from which the funds originated has been identified.
15. Terrorist financing involves the collection or transfer of funds or other assets, directly or indirectly, with the intent (or knowledge) that they will be used in whole or in part for terrorist acts or related activities. The financing of the manufacture, storage, transfer, use, or distribution of weapons of mass destruction (referred to as proliferation) involves the direct or indirect collection or transfer of funds or assets, with the intention or knowledge that they will be used for proliferation.
16. Virtual currencies are rapidly evolving and represent a form of digital innovation. However, they pose a risk of being used by terrorist organizations to bypass the traditional financial system and hide transactions, as they can be conducted anonymously. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. engages in providing services related to virtual assets.
17. Under the Polish AML Act, WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s activities, such as the exchange between virtual currencies and payment methods, classify it as an “obligated entity” according to Article 2, point 1, section 12, letter a of the Polish AML Act. The General Inspector of Financial Information (GIIF), located at Świętokrzyska 12 Street, 00-916, Łódź, Republic of Poland, is the authority responsible for overseeing compliance with laws on combating money laundering and terrorist financing.
18. This Policy sets out the minimum standards for internal KYC (Know Your Customer) and AML (Anti-Money Laundering) controls that WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will follow to mitigate legal, regulatory, reputational, operational, and financial risks.
19. The key objectives of this Policy are:
20. a) To prevent WINTERFOX SOLUTIONS POLAND Sp. z.o.o. from being used, knowingly or unknowingly, for money laundering or terrorist financing;
21. b) To enable WINTERFOX SOLUTIONS POLAND Sp. z.o.o. to better understand its customers, their financial background, and sources of funds, helping to manage risks effectively;
22. c) To ensure compliance with all applicable laws and regulations, with regular reviews and updates to maintain relevant policies, procedures, and internal controls;
23. d) To establish appropriate controls for detecting and reporting suspicious activities in line with legal and regulatory requirements;
24. e) To provide WINTERFOX SOLUTIONS POLAND Sp. z.o.o. personnel with the necessary training and tools for handling KYC/AML procedures and reporting obligations.
25. This Policy and the defined KYC and AML procedures are regularly reviewed and updated, particularly in response to changing risk factors related to customers, countries or regions, products, services, transactions, or delivery channels, in accordance with Article 27, point 3 of the Polish Act of 1st March 2018 on counteracting money laundering and financing terrorism, and in line with industry standards and international regulations aimed at preventing illicit activities.
26. Terms used below shall have the following meaning in whole AML Policy and Annexes:
27. Individuals considered politically exposed persons (PEP) are those holding prominent positions or public functions, including:
28: Family members of a politically exposed person – this shall be understood as:
29. Persons known to be close associates of a politically exposed person – this shall be understood as:
30. In order to establish whether a natural person Customer or a beneficial owner is a PEP WINTERFOX SOLUTIONS POLAND Sp. z.o.o. executes determinations as follows:
Pre-Business Relation Establishment Procedure
31. If it is determined that the customer is a Politically Exposed Person (PEP), the establishment of the business relationship requires approval from WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s statutory authority, including in cases where the customer is a legal entity subject to PEP-related obligations. Only after the full completion of the outlined procedure (and based on the resulting assessment) is the employee authorized to act on behalf of WINTERFOX SOLUTIONS POLAND Sp. z.o.o. to establish the business relationship, allowing the company to begin providing services within the framework of that relationship.
Once a customer expresses interest in establishing a business relationship with WINTERFOX SOLUTIONS POLAND Sp. z.o.o., the following steps must be strictly followed by the designated employee responsible for managing the process:
Authorized Persons for Business Relation Establishment on Behalf of the Customer
33. Only the customer, or a person authorized by the customer, their statutory representative, or guardian is allowed to manage matters related to establishing a business relationship. This encompasses the customer personally, their statutory authority or a member of that authority, or an authorized representative.
34. Authorization is confirmed by a power of attorney that features the legalized signature of the donor or a notarized copy. The document should include the identification details of both the donor and the representative, as well as the extent of the representative’s authority. The original or notarized copies of this power of attorney must be kept.
35. Verification of statutory representation requires a relevant document, such as a birth certificate for cases where a parent represents a child. If a different statutory representative or guardian is involved, their authority to represent the customer must be verified by a court decree. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. is not required to retain these documents, but if a court decree is provided, the file number must be recorded.
Customer’s Obligation to Provide Cooperation
36. The customer must fully cooperate during the initial identification process and provide all necessary information and documents required for completing the procedures outlined in this chapter.
Verification of Information in Case of Doubts
37. If there are any doubts about the information or data obtained during customer identification or screening, the employee must promptly verify this information. Verification can be done using publicly available sources or by contacting the customer for further explanations and any additional required documents.
Assessment of Customer’s Behavior
38. While carrying out the procedures described in this chapter and during negotiations with the customer, the employee must continuously assess whether the customer’s behavior suggests any suspicious business activity.
Handling of Customer’s Concealment of Third-Party Representation
39. If an employee suspects that the customer is not acting on their own behalf or is concealing that the business relationship is intended to benefit a third party, the employee must refuse to establish the business relationship.
Customer identification – KYC Procedure
40. To establish a business relationship with WINTERFOX SOLUTIONS POLAND Sp. z.o.o., customers must undergo a specific identity verification process.
41. The purpose of this section is to ensure proper identification and verification of customers involved in transactions, as well as to provide ongoing monitoring of business relationships.
42. This includes oversight of transactions during the business relationship, regular data verification, updating of relevant documents and information, and when necessary, identifying the source and origin of funds used in transactions.
43. Customer due diligence is a key tool for ensuring compliance with legislation aimed at preventing money laundering and terrorist financing, while also promoting sound business practices.
44. Customer due diligence consists of a set of activities and practices based on WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s organizational and functional structure. These are outlined in internal procedures approved by the company’s governing bodies and are subject to control systems established under internal control rules.
45. The purpose of customer due diligence is to prevent the use of assets or property obtained through criminal means in the economic activities of credit and financial institutions. This aims to prevent the misuse of the financial system and economic environment of the Republic of Poland for money laundering or terrorist financing. At its core, customer due diligence enforces the Know-Your-Customer (KYC) principle, ensuring customers are properly identified and transactions are assessed in relation to their main business activities and payment patterns. It also helps to identify unusual circumstances that might raise suspicions of money laundering or terrorist financing.
46. Customer due diligence ensures the implementation of appropriate risk management measures, facilitating continuous monitoring of customers and their transactions, and the collection and analysis of relevant information. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. follows principles aligned with its business strategy and applies customer due diligence according to the level of risk determined by prior analysis, adjusting the extent of due diligence accordingly.
47. Customer due diligence is applied on a risk-sensitive basis. This means the nature of the business relationship or transaction, along with the associated risks, are taken into account when selecting and applying measures. Risk-based customer due diligence involves assessing the specific risks of a business relationship or transaction and, based on that assessment, determining the appropriate due diligence measures (e.g., normal, enhanced, or simplified).
48. When establishing a business relationship, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will identify the person involved and verify their right to representation using reliable sources. Additionally, it will identify the beneficial owner, understand the control structure of companies, and determine the nature and purpose of potential transactions. This may also include identifying the source and origin of funds involved.
49. Customer due diligence measures are considered appropriate and sufficient if they enable the identification of transactions that may be linked to money laundering or terrorist financing, as well as unusual or suspicious transactions. These measures also seek to flag transactions that lack a reasonable financial purpose or contribute to achieving these goals.
50. If the risk associated with a business relationship is low, and national legislation allows, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. applies standard customer due diligence (CDD) measures. However, if the risk is elevated, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. implements enhanced customer due diligence (EDD) measures.
The AML regulations identify a category of individuals generally considered to present a low risk due to oversight by regulatory authorities. As a result, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. is not required to carry out the identification and verification processes outlined in the (Natural Person Customer Identification) Chapter and (Business Entity Customer Identification) Chapter for these individuals.
51. These individuals include:
52. National risk factors encompass:
53. In the event that an employee suspects a customer’s classification within this category, the following procedures must be adhered to:
54. Keeping a thorough record of the entire verification process, including details of who performed it, when it was conducted, and the basis for the verification, is essential and should be maintained as part of customer-related documentation.
55. Additionally, throughout the business relationship, regular checks must be carried out to ensure that the customer remains eligible for simplified verification and customer checks. If any conditions are violated, simplified procedures cannot be used, and the necessary procedures must be completed before providing further services to the customer.
56. The use of simplified identification and verification procedures does not exempt the company from other obligations outlined in this document, specifically the responsibility to evaluate whether the services provided to the customer display characteristics of suspicious transactions.
57. The Risk Assessment document might contain restrictions on applying exceptions from identification and verification for certain customer types, services, and usage methods. Employees must comply with these limitations.
58. The 59. WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s AML regulations identify specific factors that indicate elevated client risks, requiring the implementation of increased identification and verification measures.
59. The Management Board and the MLRO are the key authorities within WINTERFOX SOLUTIONS POLAND Sp. z.o.o. responsible for endorsing Enhanced Due Diligence (EDD) procedures.
60. Enhanced identification and verification are necessary under the following circumstances:
61. During enhanced identification and verification, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. shall, as necessary to effectively manage identified risks, surpass measures applied in standard customer identification and verification by:
62. Procuring additional documents or information regarding:
63. To enter into business relation with WINTERFOX SOLUTIONS POLAND Sp. z.o.o. Customer who is natural person has to provide following data:
64. Customers are required to provide their identification information and other details such as address verification documents and payment method information to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. during the registration process in the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. System. Alternatively, they can provide this information to the AML Specialist upon request by the AML Specialist.
65. Verification of identity is required by obtaining a high-resolution, non-expired copy of the Customer’s government-issued ID:
66. Natural person should submit a national identity document issued by the resident country, or equivalent identity document, or identity document, which is valid for entry into the country there identification are taken.
67. The WINTERFOX SOLUTIONS POLAND Sp. z.o.o. verifies the correctness of the data specified in this section, using information originating from a credible and independent source for that purpose.
68. The AML Specialist using the Document Verification System provided by Sum And Substance Ltd (UK) (https://sumsub.com/) shall perform the following checks:
69. After providing of necessary information the WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s partner SumSub makes checks in Global Watchlist (https://sumsub.com/knowledgebase/global-watchlist-screening/).
70. The partner utilizes a comprehensive database containing various lists from around the world to conduct regular identity checks on individuals suspected of illegal activities such as terrorism, money laundering, fraud, or being a politically exposed person (PEP). These lists are sourced from domestic and international governmental, law enforcement, and regulatory databases, and they store information on individuals prohibited from certain industries, including finance and healthcare. This includes individuals such as specially designated nationals, terrorists, narcotics traffickers, money launderers, blocked persons, parties subject to economic sanctions, and those involved in the proliferation of weapons of mass destruction.
71. If the customer wishes to continue their collaboration with WINTERFOX SOLUTIONS POLAND Sp. z.o.o., they are required to undergo a full verification process and provide all requested documents.The potential or existing Customer shall present identity (personal) documents to the WINTERFOX SOLUTIONS POLAND Sp. z.o.o.:
73. The Customer’s personal identity document and other documents submitted to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must meet the following criteria:
73. In order to establish a business relationship with WINTERFOX SOLUTIONS POLAND Sp. z.o.o., a legal entity or an organization with legal capacity must provide the following information:
74. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. confirms the legal status of the legal entity by examining the relevant documentation, including:
75. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. verifies that any person purporting to act on behalf of the legal person / entity is properly authorized.
76. When all required documents are received from the Customer, the AML Specialist shall perform a Customer’s documents verification against the Document Verification System provided by Sum And Substance Ltd (UK) (https://sumsub.com/).
77. The AML Specialist, utilizing the Document Verification System provided by Sum And Substance Ltd (UK) (https://sumsub.com/), will conduct the following verifications:
78. Upon detecting any issues with the verification of documents, the AML Specialist will:
79. Natural persons acting on behalf of the Customer (UBO, directors, etc.) are automatically screened as part of the general KYC process. The process involves checking state and public registers, corporate documents provided by the legal entity, and open sources. It begins with collecting basic information about WINTERFOX SOLUTIONS POLAND Sp. z.o.o. (registration number, address, etc.) and then verifies the control and beneficial ownership structure while simultaneously validating the uploaded documents for their accuracy and completeness. The list of accepted documents depends on the jurisdiction of the legal entity. Additionally, AML screening is automatically carried out, including checks against sanction lists, adverse media, and blacklisting.
80. The relevant Customer’s excerpt from the register displays the current authorized representatives of WINTERFOX SOLUTIONS POLAND Sp. z.o.o.. To ensure the extract is up-to-date, it should not be older than 6 months. If the present register extract is older, the AML Specialist must verify its content online and compare it with the information received from the Customer.
81. The AML Specialist contacts the Customer to ascertain the reasons for any discrepancies revealed during verification. Unless the Customer can provide a logical and reliable explanation for such discrepancies, the AML Specialist will decline to establish business relations with the Customer.
82. The AML Specialist verifies the data within the documents submitted to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. by legal entities (Customers from other countries if relevant information is available from the European Business Register) against the information contained in the European Business Register database at https://www.ebr.org/ or other foreign registers available to WINTERFOX SOLUTIONS POLAND Sp. z.o.o..
83. Data from the specified registers (databases) will be printed out as part of the verifications mentioned above and will be saved as electronic Customer files in the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. System.
84. Measures are taken by WINTERFOX SOLUTIONS POLAND Sp. z.o.o. to identify the beneficial owner(s) of the contractor and verify their identity by obtaining the required data outlined in this Policy.
85. If a business relationship is established or occasional transactions are conducted with a contractor that is mandated to register information about beneficial owners, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must obtain confirmation of the registration or a copy from the Polish Central Register of Beneficial Owners or the relevant register maintained in a Member State.
86. The term “beneficial owner” denotes a natural person or persons who, through legal or factual circumstances, have the power to significantly influence the actions of a contractor, or on whose behalf business relationships are established or occasional transactions are conducted. This includes:
87. Identifying the beneficiary aims to prevent WINTERFOX SOLUTIONS POLAND Sp. z.o.o. from providing services to natural or legal entities intentionally concealing their actual identity under the guise of another entity.
88. The AML Specialist must identify the beneficiary before establishing business relations by obtaining the minimum information listed in clause 28, using information from the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. System, or using data or documents from the information systems of the Republic of Poland or another country, including information from the Polish Central Register of Beneficial Owners: https://crbr.podatki.gov.pl/. However, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. should not rely exclusively on information from the Polish Central Register of Beneficial Owners or the registers referred to in Directive 2015/849 maintained in the relevant Member State.Using the data or documents from the information systems of the Republic of Poland or another country, in particular information from Polish Central Register of Beneficial Owners: https://crbr.podatki.gov.pl/, however WINTERFOX SOLUTIONS POLAND Sp. z.o.o. shall not rely exclusively on the information from the Polish Central Register of Beneficial Owners or the register referred to in Article 30 or 31 of Directive 2015/849 maintained in the relevant Member State;
89. In accordance with the provisions hereof, the Responsible Officer shall take all and any steps required, useful, feasible and reasonable to identify the Beneficiaries of the potential and existing Customers. The AML Specialist shall identify the Beneficiary of the Customer as well as the Beneficiary from one or more related financial transactions if different from the Beneficiary identified earlier.
90. The AML Specialist shall perform the steps again described in the AML Policy for identification of the Beneficiary whenever there are grounds to suspect that:
91. When deemed reasonable, proportional, and useful in a specific instance, the AML Specialist may request one or more of the following documents or information regarding the Beneficiary:
92. If the AML Specialist finds it appropriate, the AML Specialist may:
93. After reviewing the information provided by the Customer and other sources about the declared Beneficiary, the AML Specialist will assess:
94. Employees of WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will accept the following types of identity documents (certificates of identity) primarily for identification purposes:
95. In addition to the mentioned identity documents, employees may accept another identity card issued by a public authority for identification, as long as it is valid at the time of identification, contains images, and at least some of the authorized holder’s identification data.
96. When a customer shows an identity card with any of the following characteristics, the employee will refuse to use it for identification and will ask for an alternative identity card:
97. If the employee is unsure about the validity or authenticity of the presented identity card, they can check authenticity and security features against forgery using the online system “PRADO – public registry of valid identity cards and passports.” This system can be accessed for free at http://prado.consilium.europa.eu/. Additionally, the system provides links to national websites of document issuers, allowing verification of whether the document is reported as stolen, missing, or otherwise invalidated.
WINTERFOX SOLUTIONS POLAND Sp. z.o.o. undertakes enhanced financial security measures in the cases of higher risk of money laundering or terrorist financing; business relations with Politically Exposed Persons (PEP).
98. Indicators of a higher risk of money laundering and terrorist financing include the following:
99. Before implementing Enhanced Due Diligence (EDD) measures, the Employee at WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must first confirm that the Business Relationship or transaction presents a high risk, justifying the use of these measures.
100. The Employee should then assess whether specific risk factors are present, considering each factor individually as a basis for applying EDD to the Customer.
101. When initiating a cross-border correspondent relationship with a financial institution based in a Third Country, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must take the following steps:
102. For transactions or Business Relationships involving Politically Exposed Persons (PEPs), their family members, or close associates, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must:
104. In other cases requiring EDD measures, the Employee is responsible for determining the appropriate scope of these measures. Additional actions may include:
105. The Employee must notify the Money Laundering Reporting Officer (MLRO) within two working days of initiating EDD measures, particularly if triggered by suspicions of money laundering (ML), terrorist financing (TF), or other illicit activities related to a customer profile. When EDD measures are in place, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. reviews the Customer’s risk profile at least every six months.
106. The purpose of the preliminary customer assessment is to collect essential information in order to evaluate:
107. The employee conducting the preliminary examination will:
108. If the customer is acting on behalf of another person, the employee must examine and document the activities, ownership, management structure, and beneficial owners of the represented person, as though they were the customer. Representation documents must also be obtained.
109. The employee collects the required data primarily through independent research, available documentation, and customer-provided statements.
110. The purpose of the business relationship is typically derived from customer interviews or declarations.
111. The source of funds is usually inferred from financial documents such as accounting records, annual reports, and trade licenses. The employee must ensure that sufficient information is obtained to verify the legitimacy and feasibility of these sources.
112. Information on nationality, residency for individuals, and registered office locations for legal entities can be sourced from the customer’s website or statements.
113. Ownership, management structure, and beneficial ownership details are collected from publicly available information or customer statements. If these are not available, the employee may request formal declarations or proofs from the customer, documenting how the information was acquired.
114. If there are concerns regarding the accuracy or completeness of customer-provided data, the employee should request supporting documents, such as accounting records, bank statements, or confirmations from relevant authorities.
115. Only original documents or certified copies are accepted, and permanent copies of these documents must be maintained.
116. The Risk Assessment document may define the level of detail and reliability required for different types of customers, services, or delivery methods. It serves as a guide for employees to determine the appropriate level of information and document reliability for each case.
117. Before entering into any business relationship, the employee is responsible for creating a distinct risk profile for the customer.
118. If a prior business relationship exists and is ongoing (with the customer using other services), the risk profile will be updated when any new business dealings are established.
119. The risk profile includes all information available to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. about the customer, encompassing details from the initial identification process and checks. It also incorporates additional information gathered by the employee, as well as any data from previous business relationships that have ended.
120. All data is securely stored in encrypted format on servers located in Uptime Institute-certified Tier III data centers, which meet TIA-942 and PCI DSS standards. These centers are both technically and physically protected 24/7 by audited security personnel. Data is transmitted via a secure channel with cryptographic encryption based on the TLS 1.2 protocol, and decryption keys are stored separately. Sum and Substance Ltd, registered with the Information Commissioner’s Office in accordance with the Data Protection Act 2018, enables 256-bit TLS encryption on all devices. All sensitive customer data is stored and encrypted on Sum and Substance Ltd servers, with WINTERFOX SOLUTIONS POLAND Sp. z.o.o. not retaining customer data on its own servers. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. receives webhook notifications from Sum and Substance Ltd about changes in applicant status (e.g., verified or denied), but not the sensitive customer data itself.
121. The customer’s risk profile represents an evaluation of the potential risk they pose in using WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s services for money laundering or terrorism financing.
122. Based on identified risk factors, customers are classified into the following categories:
123. The risk profile plays a critical role in two areas: it determines the frequency and intensity of actions outlined in this document and provides essential information when evaluating suspicious transactions.
124. Risk factors pertain to customer attributes, the products offered, or the methods of service delivery that heighten the risk of WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s services being used for money laundering or terrorism financing.
125. Depending on the presence or absence of these risk factors, customers are categorized into Risk Profiles 1, 2, 3, 4, or 5.
126. Risk Profile 1 is assigned to customers who do not exhibit any risk factors that would qualify them for Risk Profiles 2, 3, 4, or 5.
127. A customer with Risk Profile 1 presents minimal to negligible risk to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. concerning money laundering and terrorist financing if:
128. Risk Profiles 2, 3, or 4 are assigned if no risk factors categorize the customer as Risk Profile 5, and if any risk factors outlined in the Risk Assessment document for types 2, 3, or 4 are present.
129. A customer with Risk Profile 2 poses a low risk to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. concerning money laundering and terrorist financing. To qualify for this profile, the customer must:
130. A customer with Risk Profile 3 presents a moderate risk of money laundering and terrorist financing. To qualify for this profile, the customer must:
131. A customer with Risk Profile 4 poses a high risk to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. regarding money laundering and terrorist financing and is subject to enhanced due diligence.
132. Customers with Risk Profiles 2, 3, or 4 represent potential risks for WINTERFOX SOLUTIONS POLAND Sp. z.o.o. concerning the legalization of proceeds from crime and terrorist financing. Therefore, all employees, including the AML officer, must:
133. A customer is assigned Risk Profile 5 if any risk factors listed in the Risk Assessment document are present, making the customer unacceptable.
134. Customers with Risk Profile 5 pose an extremely high risk to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. regarding proceeds from crime and terrorist financing. A customer assigned Risk Profile 5 will not have a business relationship established or maintained, and no services will be provided. It is presumed that the customer no longer meets the eligibility criteria.
135. In such cases, the AML officer will ensure the termination of the business relationship or refusal to provide services. The AML officer will promptly take all necessary steps to ensure effective and legal termination, preventing the provision of any new services until the termination process is completed.
136. Additionally, special attention must be given to assessing whether the customer’s behavior indicates suspicious activity, according to the Screening of Transactions section.
137. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will not enter into business relationships with customers from high-risk third countries or with entities registered in such countries. A high-risk third country is defined as one identified based on reliable sources, including evaluations by the Financial Action Task Force (FATF) and related bodies, as lacking an effective system for combating money laundering or terrorist financing, or having significant deficiencies in its anti-money laundering (AML) or counter-terrorism financing (CTF) systems. This includes countries identified by the European Commission in the delegated act adopted under Article 9 of Directive 2015/849. For more information, refer to the European Commission’s website: https://finance.ec.europa.eu/financial-crime/high-risk-third-countries-and-international-context-content-anti-money-laundering-and-countering_en
138. On January 7, 2022, the European Commission adopted a new Delegated Regulation concerning third countries with strategic deficiencies in their AML/CTF regimes that pose significant threats to the Union’s financial system. This identification is mandated by Article 9 of Directive (EU) 2015/849 (4th Anti-Money Laundering Directive) to protect the Union’s financial system and ensure the proper functioning of the internal market. The new Delegated Regulation amends Delegated Regulation (EU) 2016/1675.
139. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will not establish business relationships with customers residing in the United States.
140. The complete list of prohibited industries and jurisdictions is detailed in the Prohibited Countries section.
141. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will refuse to establish a business relationship with a customer under the following conditions:
142. When a business relationship is declined, employees must closely assess whether the customer’s behavior exhibits characteristics typical of suspicious business activities.
143. The Risk Assessment document may outline additional circumstances under which business relationships will not be established for certain types of customers, services, or methods of service provision. It may also set criteria for customer acceptance, defining features of customers ineligible for specific services or service types. Employees are required to comply with this extended list of criteria.
144. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. undertakes continuous monitoring of customer business relationships, which includes:
145. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will ensure compliance with legal requirements and adhere to the Know Your Customer (KYC) principle to minimize the risk of money laundering and terrorism financing.
146. Customer monitoring will be carried out by the AML Specialist in collaboration with all employees assigned to these duties according to the Internal Regulatory Documents.
147. Customer monitoring will include:
148. Monitoring of customer financial transactions will follow the AML Policy. The AML Specialist will select customers for monitoring each day.
149. The AML Specialist will review customer identification under the AML Policy if:
150. Ongoing customer monitoring and document updates will be conducted based on the customer’s category or status:
151. The AML Specialist will update the customer file through the following steps:
152. During the customer file review, the AML Specialist will ensure that all required documents and information are present according to the AML Policy and Internal Regulatory Documents.
153. When checking the customer data in the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. System, the AML Specialist will:
154. The AML Specialist will focus on:
155. Based on the customer file and financial transaction reports (stored electronically), the AML Specialist will prepare an assessment or opinion.
156. Following the assessment or opinion, the AML Officer will decide to:
157. If the AML Officer decides to continue the business relationship with the customer and assign a high-risk status, additional documents or information will be requested from the customer as required by the Internal Regulatory Documents.
158. If the decision is to terminate the business relationship, the termination will be executed according to the AML Policy.
159. If WINTERFOX SOLUTIONS POLAND Sp. z.o.o. requests documents or information from the customer, the request will be clearly formulated to address aspects related to understanding the customer’s economic or personal activities, identifying the customer’s beneficiary, and making decisions about the business relationship.
160. Customers with a turnover equivalent to or exceeding EUR 15,000 must provide a written confirmation of the legitimacy of their capital or assets, including a description of the sources of origin, upon request by the AML Specialist.
161. The AML Specialist will prepare a request for information including:
162. The customer must respond to the request for documents and information within 10 working days from the request date.
163. This deadline may be extended or shortened if deemed necessary and feasible by the AML Officer.
164. The AML Officer will ensure compliance with the deadline specified in the request for submitting documents and information.
165. The customer may submit the requested documents and information to WINTERFOX SOLUTIONS POLAND Sp. z.o.o. via:
166. Upon receipt of the requested documents and information, the AML Officer will promptly (within the next business day) verify:
167. If the submitted documents and information do not meet the request requirements, regulatory standards, or Internal Regulatory Documents, the AML Specialist will request corrections from the customer within three business days and notify the AML Officer immediately (within the next business day) via email.
168. If the customer fails to address the identified deficiencies within the given period, the AML Officer will forward the received documents to the AML Officer on the next business day after the deadline.
169. If the customer does not meet the request for documents and information or fails to correct identified deficiencies within the specified time, the AML Specialist will email a report to the AML Officer, including:
170. If the AML Officer finds that the customer’s response is insufficient or non-compliant, they will:
171. If the customer does not respond to the request or fulfill all requirements, the AML Specialist will obtain approval and instructions from the AML Officer using the “reply” function via email.
172. Monitoring also involves identifying expired documents, changes in WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s structure, changes in address or business location, and determining if the customer has become politically exposed, sanctioned, or involved in high-risk activities. Changes in the customer profile may lead to an increased risk category, requiring enhanced security measures.
173. When sanctions are enacted, modified, or lifted, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will verify whether the customer, their beneficial owner, or anyone seeking to engage in a business relationship or transaction with them is subject to those sanctions.
174. If WINTERFOX SOLUTIONS POLAND Sp. z.o.o. identifies an individual who is under sanctions or detects a transaction by them that violates sanctions, it will take the necessary actions and notify the GIIF within 2 business days after implementing the sanctions.
175. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will leverage third-party provider sources, including global sanctions lists, to determine whether the customer is associated with any sanctions.
176. In addition to these sources, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. may utilize other resources as deemed appropriate by the employee responsible for conducting customer due diligence (CDD) measures.
177. To verify that individuals flagged in sanctions notifications are accurately identified, their personal data will be cross-checked. For legal entities, this involves verifying the name or trademark, registry code or registration date, while for individuals, it involves confirming their name, personal identification number, or date of birth.
178. To ensure precise identity matching, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will account for factors that might alter personal data, such as variations in the transcription of foreign names, changes in word order, diacritical marks, or the use of double letters.
179. Continuous verification will be carried out throughout the business relationship. Daily screenings will be conducted for all active customers, regardless of their risk profile.
180. If an employee suspects that an individual might be subject to sanctions, they must immediately notify the MLRO or a member of the Management Board. The MLRO or Management Board member will then determine whether to request additional information from the individual or to notify the GIIF without delay.
181. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will primarily gather additional information independently about individuals involved in a business relationship or transaction, or those seeking to establish such a relationship, using reliable and independent sources. If this information is not accessible, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will request it from the involved individuals and assess their responses.
182. If a WINTERFOX SOLUTIONS POLAND Sp. z.o.o. employee finds that a customer involved in a business relationship or transaction, or an individual seeking to initiate such a relationship or transaction, is subject to sanctions, they must immediately notify the MLRO or a member of the Management Board. The MLRO or Management Board member will then halt the transaction, implement the necessary actions as required by the sanctions regulations, and promptly report their actions and concerns to the GIIF.
183. When identifying subjects of sanctions, it is crucial to determine the specific measures applicable to them, as outlined in the legislation enforcing the sanctions. Accurate identification of the sanctions imposed is essential to ensure that lawful and appropriate measures are implemented.
184. The company shall conduct daily ongoing screening for all active customers using the following sanction lists and watchlists:
185. To maintain regulatory standards and mitigate AML/TF risks, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. has established a list of high-risk nations and prohibited jurisdictions. As per these guidelines, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will not onboard customers from any of the prohibited regions.
186. List of High Risk countries:
187. The list of prohibited countries includes jurisdictions with extremely high AML/TF risks, as well as those subject to international sanctions.
188. Therefore, all transactions involving these countries are strictly prohibited. WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s clients are not allowed to engage in any operations with entities or individuals from these prohibited regions.
Prohibited countries:
189. To comply with regulatory standards and reduce AML/TF risks, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. has established a list of prohibited sectors. Following these guidelines, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will not onboard customers linked to these restricted industries.
190. The list of prohibited sectors includes:
191. The AML Specialist or AML Officer is responsible for reviewing both ordered and completed transactions of customers to identify any suspicious activity.
192. In line with the AML Policy and Internal Regulatory Documents, the AML Specialist or AML Officer must undertake the following actions:
193. Conduct:
194. Real-time screening involves evaluating transactions before they are completed to prevent individuals subject to international and national sanctions from accessing WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s services.
195. Automatic real-time screening should occur when:
196. Retroactive searching refers to the post-transaction review process.
197. The AML Specialist, in collaboration with other employees, should conduct retroactive searches to analyze customer transactions.
198. Retroactive searches should be carried out:
199. The AML Specialist will request transaction information from customer support via email when necessary and document these requests in writing.
200. Customer support employees must respond to the AML Specialist’s email requests within the specified timeframe.
201. All requests, responses, and analyses related to transactions will be stored electronically in the customer’s file.
202. Transaction monitoring involves overseeing individual transactions or a series of transactions to prevent money laundering and terrorism financing.
203. This monitoring includes evaluating the relationship between the customer’s economic or personal activity and the transaction’s nature and amount, ensuring no suspicious activity is identified.
204. Transaction monitoring will be supported by various filters integrated into the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. System, both before and after transactions. The Board Member of WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will define and document these filters, while the IT department will ensure their integration.
205. These filters will help employees focus on high-risk transactions requiring manual review before completion.
206. The AML Officer or Board Member, in collaboration with the IT department, will develop the criteria and features for these filters.
207. Special attention should be given to:
208. In cases of uncertainty or doubt, the employee responsible for transaction compliance should seek written approval or a separate written opinion from the AML Officer or Board Member of WINTERFOX SOLUTIONS POLAND Sp. z.o.o..
209. If WINTERFOX SOLUTIONS POLAND Sp. z.o.o. is unable to implement any of the required Customer due diligence measures:
210. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must terminate business relations with the Customer in accordance with its AML Policy and other Internal Regulatory Documents.
211. If the Anti-Money Laundering and Terrorism Financing Law requires Customer identification, but it is not possible to identify the Customer or the Beneficiary according to AML Policy, the AML Specialist must refuse to provide services, establish business relations, or perform financial transactions with these individuals, and must terminate the business relationship.
212. The AML Specialist must terminate business relations if they are unable to obtain sufficient identification or documentation needed for a thorough investigation. Additionally, in collaboration with a Member of the Board, the AML Specialist will decide on terminating relations with other Customers linked to the same Beneficiaries or on enforcing early obligations.
213. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must decide to terminate business relations if the minimum due diligence requirements cannot be met within 14 days before fulfilling due diligence conditions.
214. The AML Specialist must draft a decision (in electronic format) regarding the termination of business relations or financial transactions with the Customer and present this draft to a Member of the Board in the following cases:
215. Business relations with the Customer will be terminated based on a decision approved by WINTERFOX SOLUTIONS POLAND Sp. z.o.o. according to the AML Policy and Internal Regulatory Documents or at the Customer’s request.
216. WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s decision to terminate business relations must include:
217. The termination decision must be approved by a Member of the Board or the AML Officer of WINTERFOX SOLUTIONS POLAND Sp. z.o.o..
218. The termination of business relations will be implemented as follows:
219. If the Employee responsible for Customer service encounters contractual or overdue obligations preventing the termination within the prescribed period, they must immediately report this via email to the AML Specialist who drafted the decision. The AML Specialist will then prepare a revised decision for either extending the termination period or addressing early obligations and present it to a Member of the Board for approval.
220. Business relations with the Customer must be terminated by the end of the working day on the same day the decision is communicated, unless a different period is specified by the AML Policy.
221. If the termination is based on suspected involvement in money laundering, terrorism financing, or fraud, the business relations must be terminated immediately.
222. The Member of the Board may specify alternative termination periods if deemed necessary and feasible by the AML Specialist.
223. The AML Officer who drafts the termination decision may impose restrictions on the Customer’s financial transactions from the date of approval until the termination of cooperation.
224. Upon receiving approval from the AML Officer via email, the AML Specialist will save the approval in electronic format in the Customer file and activate the function in the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. System that blocks employees from performing transactions for the Customer. The AML Officer will notify the servicing Employee via email.
225. Restrictions will be based on:
226. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will evaluate whether the inability to apply due diligence measures necessitates reporting to the GIIF under Article 74 or Article 86 of the Polish AML Act.
227. The Customer file must contain all documents and information in compliance with the AML Policy, including identification data of the Customer, evidence of the legal capacity and competence of the Customer and their representatives, and any other relevant documents. All these documents should be stored in the Customer File as per the AML Policy and other Internal Regulatory Documents.
228. The Customer File should include:
229. The AML Specialist is responsible for the electronic storage of the following documents in the Customer File, whether initially submitted by the Customer or received subsequently:
230. Additional requirements specified in other Internal Regulatory Documents must also apply to Customer Files.
231. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. may process personal data collected under Polish legislation solely for the purposes of preventing money laundering and terrorist financing. The data must not be used for any purpose other than this, such as marketing.
232. General information on WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s duties and obligations regarding the processing of personal data for AML/CFT purposes can be found on the WINTERFOX SOLUTIONS POLAND Sp. z.o.o. website in the Privacy Policy section.
233. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must retain the following documents for 5 years from the date business relationships with a Customer were terminated or occasional transactions were completed:
234. Before the expiration of the retention period described in points a and b of this section, the General Inspector may require the retention of the documentation for an additional period of up to 5 years, if necessary to combat money laundering or terrorist financing.
235. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. shall designate senior management members responsible for fulfilling the obligations set forth by the Polish AML Act. If a management board or other governing body is in place, a member from such a body will be appointed to oversee these obligations.
236. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will appoint an AML Officer—a senior management employee tasked with ensuring that the institution and its employees comply with regulations concerning money laundering and terrorist financing.
237. The AML Officer is responsible for submitting the following notifications on behalf of WINTERFOX SOLUTIONS POLAND Sp. z.o.o., as required by the Polish Act of 1st March 2018 on counteracting money laundering and financing terrorism:
238. The AML Officer is also responsible for preparing and submitting a quarterly statistical report to the GIIF.
239. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must provide the General Inspector with information regarding:
240. The obligation to report information also applies to funds transfers from outside Poland if the payment service provider is an obliged institution.
241. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must provide this information within 7 days from:
242. The information provided must include:
243. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must notify the General Inspector of any circumstances that might indicate money laundering or terrorist financing.
244. Specific reporting procedures for the AML Officer, AML Specialist, and WINTERFOX SOLUTIONS POLAND Sp. z.o.o. employees are detailed in Annex No 3, “Reporting to the regulatory body.”
245. As part of WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s Anti-Money Laundering (AML) program, all employees must be fully informed about AML policies. Employees are required to read, understand, and acknowledge these policies by signing an acknowledgment form. Additionally, employees must reaffirm their understanding of the AML policies by signing the acknowledgment form every four months.
246. New hires receive AML training as part of the mandatory onboarding process. Additionally, all relevant employees must complete AML and Know Your Customer (KYC) training annually. Employees with daily AML and KYC responsibilities are required to participate in supplementary targeted training programs.
247. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. ensures that individuals responsible for AML and counter-terrorism financing duties participate in training programs tailored to their responsibilities. These training programs address the specific nature, type, and scale of WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s operations and are designed to keep employees updated on their obligations, particularly those outlined in Article 74, paragraph 1; Article 86, paragraph 1; and Article 89, paragraph 1 of the Polish Act of March 1, 2018, on counteracting money laundering and terrorist financing.
248. The training program at WINTERFOX SOLUTIONS POLAND Sp. z.o.o. includes, at a minimum:
WINTERFOX SOLUTIONS POLAND Sp. z.o.o.’s personnel are required to:
1. The company assesses risk factors related to various risk categories that either increase or decrease the risks associated with money laundering and terrorist financing.
2. The company maintains continuous oversight of transactions and activities throughout the duration of the customer relationship. This ongoing monitoring ensures that transactions align with the customer’s KYC information, business activities, and declared sources of funds and wealth.
3. Continuous monitoring is particularly important when verification is required. It helps identify and prevent suspicious or inconsistent activities, ensuring compliance with regulations and mitigating money laundering and terrorist financing risks. The transaction monitoring system employs both automated and semi-automated processes.
4. The automated component evaluates each transaction against established criteria, while the manual component involves staff responding to alerts generated by the automated system.
5. The following criteria are used for manual transaction monitoring:
6. The company utilizes automated daily monitoring of users’ cryptocurrency wallet transactions through the third-party provider AMLBot.
7. AMLBot uses advanced algorithms to analyze transaction patterns on the blockchain, cross-referencing data with watchlists and databases to detect potential money laundering, fraud, or other illicit activities. Suspicious activities, such as substantial transactions, rapid transfers, or connections to known criminal addresses, are flagged. If suspicious activity or a heightened risk score is detected in an internal wallet, the company suspends the wallet’s activity until the customer provides an explanation. Similarly, if suspicious activity is observed in an external wallet, the user’s profile is suspended pending clarification.
8. The risk score of a cryptocurrency wallet is based on the sources and destinations of transactions, categorized as low, medium, or high risk.
9. Example Risk Categories:
10. High-risk wallets may lead to the suspension of both the wallet and the user’s profile.
1. The company will evaluate risk factors associated with the specified risk categories, which either heighten or lessen the risks of money laundering and terrorist financing.
2. The risk assessment will be used for each identified risk factor, rating its impact (likelihood x impact) as follows:
3. Low Risk – Risk factors assessed as having:
4. Medium Risk – Risk factors assessed as having:
5. High Risk – Risk factors assessed as having:
6. Prohibited Risk – Risk factors meeting all of the following criteria:
7. When identifying and assessing the risk of money laundering or terrorist financing WINTERFOX SOLUTIONS POLAND Sp. z.o.o. considers factors relating to:
8. These factors may be categorized into the following criteria:
9. Business sectors are categorized into five risk tiers:
10. Acceptance of a legal entity operating within any of the aforementioned sectors is subject to the sole discretion of the Company. The Company retains the right to reject onboarding of a legal entity from the restricted sector, even if the legal entity fully complies with the relevant legislation in its country of registration and the incorporation country of the Company.
11. In accordance with regulatory obligations, the Company will not onboard any corporate client associated with prohibited business sectors.
12. Risk Business Sectors table below:
Low Risk Business Industries
Mid Risk Business Industries
High Risk Business Industries
Restricted Business Industries
Prohibited Business Industries
13. Exact list of countries divided to risk levels:
Low Risk Countries
Mid Risk Countries
High Risk Countries
Prohibited Countries
14. The company does not provide services for the UK citizens due to the updated regulatory requirements of the Financial Conduct Authority.
15. When recognizing the risk of money laundering or terrorist financing and assessing the associated risk level based on the type and subject of the transaction.
16. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. considers:
17. A higher risk of money laundering or terrorist financing may be indicated by:
18. A low risk of money laundering or terrorist financing may be indicated by:
19. Risk scoring according to customer turnover:
20. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will review and update this risk assessment regularly, at least once per year, or whenever there are changes in the risk factors outlined in this assessment.
21. When applying this risk assessment, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. will consider its status as a regulated institution and adhere to the specific requirements governing business activities in the realm of virtual currencies.
1. Appointment of Senior Management: WINTERFOX SOLUTIONS POLAND Sp. z.o.o. shall designate senior management members responsible for fulfilling the obligations outlined in the Polish AML Act. If a management board or another governing body is present, a member of such a body will be assigned to oversee the implementation of these obligations.
2. Appointment of AML Officer: WINTERFOX SOLUTIONS POLAND Sp. z.o.o. shall appoint an AML Officer—a senior-level employee—who is responsible for ensuring compliance with money laundering and terrorist financing regulations. The AML Officer oversees both the company’s operations and the activities of its employees and other personnel involved. Additionally, the AML Officer is responsible for submitting the following notifications, as specified in Articles 74(1), 86(1), 89(1), and 90 of the Polish AML Act, on behalf of WINTERFOX SOLUTIONS POLAND Sp. z.o.o.:
3. Quarterly Reporting: The AML Officer is also responsible for preparing and submitting quarterly statistical reports to the GIIF.
4. Upon request from the General Inspector of Financial Information (GIIF), WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must promptly provide or make available any information or documents in its possession that are necessary for GIIF to perform its duties under the Polish AML Act. This may include details related to:
5. In the request mentioned in points 1 and 2, the GIIF may specify:
6. The information and documents referred to in point 1, must be provided and made available free of charge.
(Article 72 of the Polish AML Act)
7. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. is required to report the following to the GIIF:
8. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must submit this information within 7 days from:
9. When calculating the 7-day reporting deadline, the provisions of the Polish Code of Administrative Procedure (Act of June 14, 1960) apply. The deadline begins the day after the event occurs. For example, if a payment is received on July 22, the deadline to report is July 29 by 23:59:59.
10. If the deadline falls on a public holiday or a Saturday, the reporting deadline is extended to the next business day that is neither a public holiday nor a Saturday.
(Article 74 of the Polish AML Act)
11. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. is required to notify the GIIF of any circumstances suggesting a suspicion of money laundering or terrorist financing.
12. The notification must be submitted immediately, and no later than two business days after the suspicion is confirmed.
13. The notification should include:
14. The notification must include a justification that details:
15. WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must promptly notify the competent prosecutor upon reasonably suspecting that assets involved in a transaction or held in an account are linked to a crime other than money laundering, terrorist financing, or a fiscal crime, or are associated with such a crime.
16. In the notification, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. shall include all available information related to the suspicion, along with the anticipated time of the transaction mentioned in point 1. Until a decision is received, and no longer than 96 hours from the submission of the notification, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must refrain from executing the transaction or any other actions involving the account containing the assets in question.
17. Within the timeframe specified in the Reporting Manual, the prosecutor must issue a decision either to initiate or decline legal proceedings, and promptly notify WINTERFOX SOLUTIONS POLAND Sp. z.o.o.. If proceedings are initiated, the prosecutor will issue a decision to suspend the transaction or freeze the account for a maximum period of six months from the date the notification was received.
18. A decision to suspend the transaction or block the account may also be issued without a prior notification.
19. The decision will specify the scope, method, and duration of the suspension or account freeze. This decision can be appealed to the court with jurisdiction over the case.
20. The suspension of the transaction or account freeze must be lifted within six months of the decision being issued.
21. Upon receiving the decision, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must immediately submit information and copies of the notification to the GIIF using electronic communication means.
22. To fulfill the obligations outlined in the Reporting Manual for the first time, WINTERFOX SOLUTIONS POLAND Sp. z.o.o. must submit an identification form to the GIIF.
23. The identification form for the obligated institution includes the following information: