What are the legal obligations applicable to the Company?
Cryptosmart S.r.l. (the “Company” or “Cryptosmart”), as a provider of services related to the use of virtual currency and digital wallets, is subject to the regulatory provisions concerning the fight against money laundering and the financing of terrorism set forth in Legislative Decree No. 231 of November 21, 2007, as subsequently amended and supplemented (the “Anti-Money Laundering Decree”).

Cryptosmart has therefore adopted safeguards aimed at preventing the Company’s involvement in illegal acts, facts or events and/or contrary to applicable laws and regulations, which may, among other things, result in the Company’s involvement in money laundering or terrorist financing.

The Company provides its users with services related to blockchain technology through, among other things, an internet platform – available at www.cryptosmart.it as well as through a special app for smartphones – that allows them to buy and sell virtual currencies or tokens/digital assets, as well as to convert virtual currencies or tokens/digital assets with each other or against legal tender and vice versa (the “Platform”).

Cryptosmart’s efforts to prevent and combat money laundering and terrorist financing are embodied in the adoption of safeguards to ensure customer due diligence, traceability of customer transactions, detection and reporting of suspicious transactions, and retention of customer data and documents. The Company has adopted its own internal policy (the “Policy”) in order to describe the internal rules and procedures implemented and managed by the Company to comply with the obligations set forth in the Anti-Money Laundering Decree and its implementing legislation, where applicable to the Company.

The aforementioned Policy has been prepared taking into account, among other things, the nature, size and complexity of the activity carried out by the Company, in accordance with the principle of proportionality, as well as in light of the risk associated with the activities carried out by Cryptosmart, according to the so-called risk-based approach.

To whom does the Policy apply?
The Policy applies to the activities provided by the Company in its dealings with customers who join the Platform and execute transactions through it, as well as to any other form of activity carried out from time to time by the Company that involves the provision of services related to the use of digital wallets and/or virtual currency. The Policy does not apply in relation to relationships held or transactions performed by the Company outside the above activities – such as, for example, relationships with suppliers, consultants, IT service providers, outsourcers, etc. The provisions of the Policy apply to employees, contractors and corporate officers of the Company.

What are the activities performed by the Company for AML purposes?
The Company, as a provider of services related to the use of virtual currency and digital wallets, falls within the scope of “obligated persons” who are required to fulfill the obligations in the area of anti-money laundering and countering the financing of terrorism provided for by current legislation. In order to counter these phenomena and in accordance with the Anti-Money Laundering Decree, Cryptosmart fulfills the following four main obligations:
– customer due diligence;
– retention of customer data and information;
– suspicious transaction reports;
– abstention.

The Anti-Money Laundering Decree provides for an accurate census of customer information so that Cryptosmart can adopt objective and consistent procedures for the analysis and assessment of the money laundering and terrorist financing risks to which it is exposed in the conduct of its business, in accordance with the risk-based approach mentioned above.

In this regard, Cryptosmart – based, inter alia, on the type of customers – carries out risk analysis and assessment taking into account the geographical area of operation, the risk associated with the customer and the characteristics of the products and services offered. The Company lends its utmost cooperation with the authorities responsible for combating money laundering and financing of terrorism – namely, the Ministry of Economy and Finance, the Financial Intelligence Unit (“FIU”) established at the Bank of Italy, the supervisory authorities of the individual sectors in which the obligated parties operate pursuant to the Anti-Money Laundering Decree, the Anti-Mafia Investigative Directorate (DIA) and the Guardia di Finanza.

What docustomer due diligence activities consist of?
The collection of information regarding the customer and the related identification process (“Know Your Customer”) is an essential part of the anti-money laundering safeguards adopted by the Company in its dealings with its customers. Customer due diligence, in addition to being a valuable tool for combating money laundering and terrorist financing, protects the Company from exposure to risks of a commercial and reputational nature as well as the application of administrative, civil and criminal sanctions.

Pursuant to the Anti-Money Laundering Decree, and as better described in the Policy, Cryptosmart performs customer due diligence, in particular, upon the establishment of an ongoing relationship with the customer – that is, at the time of registration on the Platform by the latter – as well as when there is suspicion of money laundering or terrorist financing, or there are doubts about the veracity or adequacy of the data previously obtained for customer due diligence purposes. In all of the above cases, the obligations of due diligence are fulfilled by the Company with reference to the customer as well as, where applicable, the beneficial owner and/or executor.

The Company has set up a special mechanism to carry out customer due diligence at the time of the establishment of the ongoing relationship with the customer, through information technology tools that enable the customer to be identified remotely in a secure and reliable manner. The Company also verifies the veracity of the identification data contained in the documents and information acquired at the time of identification, according to the procedures detailed in the Policy. In addition to the above, the Company acquires and evaluates information on the purpose and nature of the ongoing relationship, verifying the compatibility of the data and information provided by the customer with the information independently acquired by the Company, including with regard to the set of transactions carried out under the relationship or other relationships previously held, as well as the establishment of further relationships.

What does the constant monitoring of the relationship for anti-money laundering purposes consist of?
Cryptosmart performs constant monitoring during the course of the ongoing relationship by implementing the analysis of the transactions carried out and activities performed or identified throughout the duration of the relationship, so as to verify that they are consistent with the Company’s knowledge of the customer and his risk profile, including with regard, if necessary, to the origin of the funds. During the course of the relationship with the customer, Cryptosmart updates the data and information concerning customer due diligence according to the periodicity defined within the Policy.

What are the customers’ obligations for the purposes of the due diligence process carried out by the Company?
The customer is obliged to provide, through the procedure indicated by Cryptosmart’s platform, under his or her own responsibility, all necessary and up-to-date information required by the Company in order for Cryptosmart to fulfill its customer due diligence obligations. The provision of complete and truthful information is a legal obligation, the fulfillment of which is essential to enable the Company to be able to properly perform the due diligence activities required by the Anti-Money Laundering Decree.

What does enhanced due diligence consist of?
In the presence of a high risk of money laundering or terrorist financing, the Company adopts enhanced customer due diligence measures by acquiring additional information about the customer and the beneficial owner; these enhanced measures may consist, as appropriate, in the acquisition of additional information or feedback regarding the customer, the beneficial owner, the purpose and nature of the relationship, as well as the intensification of the frequency of procedures aimed at ensuring the ongoing monitoring of the ongoing relationship, as further reported within the Policy.

How are data and information collected by the Company retained?
The
Company retains the documents, data and information useful to prevent, detect or ascertain any money laundering or terrorist financing activities and to enable the performance of the analyses carried out, within the scope of their respective attributions, by the FIU or other competent Authority, with particular reference to the documents acquired as part of customer due diligence. In order to comply with the preservation requirements of the Anti-Money Laundering Decree, the Company has established a computer register, which ensures that the management of data takes place with clarity, completeness, so that there subsists immediacy of information and ease in consulting them.

The management and storage of the above data is carried out in compliance, in all cases, with the applicable legal provisions on the protection of personal data (GDPR). What are the organizational measures taken by the Company to ensure compliance with AML obligations? The Company has internally assigned responsibility for activities related to compliance with regulations on combating money laundering and terrorist financing through the appointment of an AML Officer.

Cryptosmart has implemented specific organizational/regulatory safeguards for the fulfillment of obligations under the Anti-Money Laundering Decree. In particular, adequate internal procedures have been prepared to manage, implement and regulate the obligations prescribed by the Anti-Money Laundering Decree in order to provide the Company’s corporate functions with consultation and support tools useful for understanding the subject matter.

Cryptosmart has equipped itself with specific IT tools both for the analysis of AML risk profiles to be attributed to customers and for the monitoring of “anomalous” transactions. The Company has adopted its own internal process for reporting transactions that raise suspicions about the illicit origin of transferred funds.

The Company ensures that mandatory training programs (e.g., e-learning, specialized courses) are conducted for all staff, associates and corporate officers. These training programs are aimed at the proper application of the provisions of the Anti-Money Laundering Decree, the recognition of transactions related to money laundering or the financing of terrorism, and the adoption of the behaviors and procedures that all personnel, collaborators, and corporate officers must adopt to comply with the provisions of the Anti-Money Laundering Decree, as outlined in the Company’s Policy.