Know Your Customer/Anti-Money Laundering Public Policy
Effective date: 06/01/2018
Understanding Spend’s Know-Your-Customer and Anti-Money Laundering Policies
Spend, Inc. defends against involvement in illicit activities, such as money laundering, by doing the following:
- Routinely executing a company-wide assessment to determine the risk of inadvertent involvement in money laundering or other illicit activities. A risk profile is produced after these assessments
- Promulgating and adhering to well established anti-money laundering procedures and corporate policies
- Providing routine training to all employees to enhance their ability to thwart and detect money laundering
- Verifying the identity of customers and end users for all registered users of Spend, Inc.’s services
- Identifying a Compliance Officer who is responsible for the efficient operation of the anti- money laundering program
- Performing an annual audit to determine the sufficiency of anti-money laundering procedures
An anti-money laundering policy (“Policy”) shall be reviewed and approved by Spend, Inc.’s Board. Once approved, the Policy shall be furnished to all of Spend, Inc.’s employees and regular training on compliance shall be provided at intervals not to exceed one year. Employees shall confirm receipt and understanding of the Policy in writing.
Spend, Inc. developed, enacted, and refined controls to confirm that Spend, Inc. actions comply with relevant anti-money laundering legal obligations. These obligations include, but are in no way limited to, the submission of required reports on a timely basis. Steps taken to confirm the identity of customers and end users, the reporting of suspicious activity, and submission of required reports are all examples of internal controls employed by Spend, Inc.
Education and Training
Everyone employed by Spend, Inc., including its officers and board of directors, shall receive annual training concerning anti-money laundering procedures and client identity verification. This training shall be provided to new employees within 30 days of the date of official hire and shall also include information to help them comply with relevant laws while executing assigned job duties. Training may be provided and regularly updated to incorporate changes in laws, regulations, and market developments.
Customer Identity Verification
Spend, Inc. shall ensure that it took commercially reasonable steps to identify each customer using Spend, Inc.’s platform. Many methods may be employed to confirm user identity.
Account Generation and Creation Methods
As part of its account generation and creation process, Spend, Inc. shall: (1) obligate users to furnish proof of identity; (2) prohibit payments in US dollars to be made without complete account- opening data; (3) confirm that users are not listed in compliance databases. These databases include, but are not limited to, the OFAC Specially Designated Nationals list and other governmental watch lists.
- Mailing address and address of residence (PO boxes are not acceptable unless accompanied by valid mailing address)
- Government issued identification numbers including where relevant, but not limited to, social security numbers, driver’s license numbers, and passport numbers
- Place of birth and date of birth
- Copies of valid photo identifications for those listed as account holders Corporate Users
- Name of business and corporate representatives
- Copies of current photo identifications of corporate representatives using the account
- Mailing address of the client’s principal place of business (Spend, Inc. reserves the right to request the customer’s local address if the local address is not the same as the business’ principal place of business)
- Customer identification procedures shall be adhered to to determine the beneficial owners of trust or corporate accounts. These procedures include establishing whether a customer is an agent of another; deriving information concerning the ownership or structure of a company that is a legal entity not publicly traded in the US; and for trustees, getting data about the trust structure, determining the provider of funds, and discerning who has control over the funds and power to remove the trustee.
End User Verification
The validity of documents used to support the opening of an account is to be confirmed before the account can be finalized. Verification requires layered security, multi-factor authentication, and the satisfaction of other obligations to ensure that user identity has been meaningfully confirmed. Account size and other factors are considered during this process.
These methods are examples of verification processes that Spend, Inc. reserves the right to employ:
- Employing challenge questions to test user knowledge.
- Validating identifying information against information provided by trusted third party sources. Trusted third party sources include reporting/verification agencies like Jumio NetVerify, Lexus Nexus Instant ID, and Veratad.
- Validating claimed addresses with copies of bank statements, utility bills, and credit card statements.
- Ensuring that no inconsistencies exist between customer provided identifying information.
- Use of industry standard device identification procedures, such as geo-location checks and “digital fingerprints.
- Closing suspicious accounts when clients are unable to furnish sufficient information to confirm identity.
- Requesting notarized copies of birth certificates or businesses’ sealed incorporation documents with an apostille for identification.
Activity Reports and Suspicious Activity
Spend, Inc. will monitor transactions and network usage for suspicious activity. Unusual transactions are carefully reviewed to determine whether they are illogical or unlawful in purpose. Spend, Inc.’s controls are to be implemented to ensure that an ongoing monitoring system is established to thwart illicit actions as they occur. Whenever suspicious activity is detected, Spend, Inc. reserves the right to decide in its sole and exclusive judgment whether reporting the data to law enforcement is appropriate or required to comply with host nation laws.
While money laundering attempts are an example of a suspicious activity, they are by no means the only type of suspicious activity prohibited on Spend, Inc.’s platform. Spend, Inc. may report data even when no money is lost or stolen because of the transaction.
When Spend, Inc. determines that a transaction is possibly suspicious, it shall review transaction details. Spend, Inc.’s senior management shall be alerted and shall determine whether the transaction satisfies the conditions necessary to be deemed a suspicious transaction or activity. After making this determination, the senior management shall determine whether the transaction or activity should be reported to law enforcement with an official filing.
Spend, Inc. shall retain a copy of all documents filed with law enforcement. When filings are made all data related to the filing, including the fact that a filing was made, shall be treated as confidential. Only those required to support the investigation and subsequent reporting shall be notified of the filing’s existence. Under no circumstances should parties suspected of suspicious transactions or activities be notified. Spend, Inc. reserves the right to notify the Board of Directors of the filing.
Requirements to Record
Procedures to maintain records of data used to validate a person’s address, name, and other personally identifying information shall be established under the terms of this Policy. These are some steps that shall be taken when keeping records:
- Spend, Inc. shall retain a record of customer generated identifying information.
- Identification documents and transaction records shall be retained for a period no less than five years.
- Spend, Inc. shall diligently search for, record, and resolve any discrepancies that exist in the identifying information provided by clients to Spend, Inc.
- Spend, Inc. shall record the processes and results of supplementary measures employed to validate customer identity.
- Whenever identity is verified with a supporting document, Spend, Inc. shall retain copies of the document. The document and the resulting copies shall clearly display the type of document used and present the identifying information Spend, Inc. used to verify client identity.
Money Laundering Audit
Spend, Inc. will conduct an annual anti-money laundering audit. The audit shall be conducted by an independent party with a working knowledge of BSA requirements. If such a party is not available, the audit may be conducted by Spend, Inc.’s employees who have a working knowledge of BSA requirements. Corrective actions shall be derived from these audits and Spend, Inc. will provide the audit report along with intended corrective actions to Spend, Inc.’s management for review. Status reports concerning corrective actions will be routinely furnished to the management of Spend, Inc. until all outstanding matters are resolved.
SEC RULE 445-IM 02-21 In addition to internally beneficial AML policies for Spend, Inc. benefit, we support and follow SEC Rule 445 in which a compliance individual within our company is responsible for the review of all AML policy as a whole. This individual will serve an independent audit function within Spend, Inc. for and will continue education and testing of all AML policies well after implementation of the product.
Suspicious Activity Reporting At the notification of any sizable suspicious activity both internally or externally, Spend, Inc. will respond by performing a due diligence investigation into the matter along with filing a SAR-SF Treasury form. This is at the benefit of both the customer and Spend, Inc.