CodeCash AML – BSA Policy

Table of Contents

Introduction p.1
CodeCash Service p.1

  • Flow of Funds p.1
  • Terms of Use p.2

CodeCash Customer Identification Protocol (CIP) p.2

  • CIP Purpose p.2
  • CIP Procedures p.2
  • Steps for Compliance p.2-3
  • Identity Verification p.2
  • Required Information
  • Failure of Verification
  • Cross-Checking of Government List p.3
  • Customer Notification
  • Retention of Records

Know Your Customer (KYC) – p.4

  • CodeCash Partner Requirements (See CIP also) p.4
  • CodeCash KYC Protocol p.4

Bank Secrecy Act (BSA) p.5

  • BSA Specific Risk Categories p.5-6
  • Services p.5
  • Customers
  • Transactions
  • Geographic Locations
  • Agents
  • Money Laundering p. 5-6
  • Stages of Money Laundering
  • Placement
  • Layering
  • Integration

Anti-Money Laundering (AML) p.7

  • CodeCash Compliance Standards
  • CodeCash Internal Reporting Procedures and Records
  •  CodeCash Minimum Requirements of Management in Support of AML/BSA Compliance p.8
  •  CodeCash Systems Compliance Monitoring p.8
  • CodeCash Compliance Officer Duties p.8-10
  • Monitoring and Testing p.9
  • Training and Reporting
  • Audits
  • AML Risk Assessment
  • Monitoring and Reporting of Suspicious Activity p.10

CodeCash Employee Training p.10-12

  • CodeCash Employee Training Manual
  • CodeCash Employee Training Content and Protocol p.11-12
  •  CodeCash Training Records p.12

Introduction

The fight against crime demands that criminals are prevented from legitimizing the proceeds of their crime by the process of money laundering. It is a process which can involve banks, financial institutions, professionals, and money service businesses. CodeCash is passionate partner in this fight and is committed to deterring these financial crimes through the strict enforcement and compliance of the Anti-Money Laundering Act, Bank Secrecy Act, Customer Identification Program, and Know Your Customer Protocol.

CodeCash Service:

CodeCash is a payment app that uses Quick Read Codes (QR Codes) to allow the seamless transfer of funds between two verified user’s bank accounts/credit cards/debit cards for payment of non-business, personal transactions between peers (otherwise known as Peer to Peer or P2P Payments). See our Flow of Funds for more detail here.

  • CodeCash will only operate in the US, with US Resident users only.
  • CodeCash will instruct users to only send or receive money from users they know personally. Any other recipient will be flagged for review and possible cancelation.
  • CodeCash will do a full KYC on each customer before account opening.
  • CodeCash will have a weekly rolling limit of $300 for total account transactions, meaning that transactions cannot exceed $300 in a given 7 day period.

See our Terms of Use for more details here.

CodeCash CIP (Customer Identification Program Policy)

CIP Purpose:

In an attempt to deter terrorism and money laundering, this document sets forth the CodeCash written policy and procedures to comply with the Customer Identification Program (CIP).
It is the policy of CodeCash to:

  • Verify the identity of any user opening a new CodeCash Account.
  • Maintain records of information used to identify new users for a period of 5 years after account closing.
  • Compare the names of the users opening new CodeCash Accounts against list of known or suspected terrorist organizations provided by agencies of the U.S. government.
  • Provide users with notices that CodeCash is requesting information under this CIP policy.

Furthermore;

  • CodeCash only provides services for resident users based in the U.S.
  • Users that fail to complete identity verification will not be able to open a CodeCash Account, which is an FBO (For Benefit Of) account for the individual user at a financial institution.

CIP Procedures:

The procedures are based on CodeCash’s assessment of the risks presented by the service CodeCash provides, the type of identifying information available, and the types of accounts maintained by CodeCash. Identity verification procedures implemented are intended to enable CodeCash to form a reasonable belief that it knows the true identity of the user.

Steps for Compliance

Identity Verification

  • CodeCash leverges API’s like Plaid, an industry leading solution that uses bank data to verify our users’ identity. Users are required to provide online bank login information and Plaid verifies users’ identities based on what is on file at the bank. The Plaid technology based solution is secure and effective as evidenced by its adoption by many of today’s fin-tech leaders, and Plaid is backed by leading financial institutions, including CitiBank, American Express and Goldman Sachs.

2. Required Information

CodeCash will obtain the following information from each user that requests the opening of a CodeCash Account; Name, Date of Birth, Street Address, and Social Security Number. CodeCash may require users to provide additional
documents such as driver license or residency documents such as passports to help verify identity.

3. Failure of Verification

If user identity cannot be verified through Plaid, CodeCash will notify user to provide updated information. User will not be able to open and use a CodeCash Account until verification can be completed.

4. Cross Checking of Government list.

CodeCash screens users requesting CodeCash Account services for matches against suspected or known terrorists. Any user’s name that appears on any of the government lists below will NOT be allowed to open a CodeCash Account

5. Customer Notifications

When a user chooses to open a CodeCash Account, CodeCash collects required identity information by requiring users to fill out and submit the information through our mobile solution. A user is also notified of the need to verify their identity to meet government regulations in the CodeCash “Terms and Conditions”. When a user fails verification CodeCash does not proceed with the Account opening and notifies the user of the failure through both email and in-app notifications.

6. Retention of Records

The Identifying information (name, address, date of birth and SSN) will be retained 5 (five) years after the CodeCash account is closed, along with the verification method used (through Plaid) and verification results.

Know Your Customer

Partner Requirements

  • Partner holds an industry standard, or accreditation, for up-to-date information
  • Partner’s compliance with the standards are assessed and approved
  • Partner uses a range of positive information sources, and links a person through other sources, to search and identify current and previous circumstances
  • Partner uses negative information sources, such as database relating, to detect accounts using identity fraud or deceased persons information.
  • Partner uses a wide range of alert source, such as up-to-date financial sanctions information
  • Partner has transparent processes that enable CodeCash to know what checks were carried out, what the results of these checks were, and what they mean in terms of how much certainty they give CodeCash as to the identity of the subject.
  • Partner should be able to keep records of the information used to verify identity information for the required time period.

KYC Protocol

Strict implementation of the “Know Your Customer” principle and the maintenance of adequate record keeping procedures are necessary should any customer come under investigation. Below are the protocols for the CodeCash KYC program:

  • CodeCash requires all users to be registered on the app as soon as contact is established and to maintain a CodeCash Account in order to initiate any transactions or receive any monies on the app.
  • All registered users can only become registered on the CodeCash App after verifying all required information such as name, date of birth, place of birth, gender, home address, email, phone number, social security number, and residency information.
  •  If CodeCash is not able to verify all information, an account will not be created and the customer will be notified.
  • If the customer was sent money, the money will not move to the new account, but will be returned to the original owner after a report is made and it is deemed a non-suspicious transaction. A determination as to whether to make a suspicious activity report will be made after an initial assessment. If a SAR is not needed, CodeCash will record the reasons why the report was not required.
  • All users need to disclose their given name and family name (surname), nationality, gender, email, phone number, and in addition may need proof of identity documents (see below), proof of residential address, and/or photograph of individual (self).
  • All users represent that they are currently located in the United States of America and are a citizen of the United States of America
  • All users need to provide proof of residency such as a passport, naturalization certificate, or birth certificate as well as a driver’s license or state issued ID card. CodeCash or its KYC Partner will record what identity data was presented, how this data was checked, and the outcome of the verification process.
  • All users need to represent that they are not listed on any blacklists such as the US Treasury Department’s list of Specially Designated Nationals and Blocked Persons, the US Commerce Department Denied Persons List, the EU Consolidated List of Persons, etc. and they are not acting on behalf of a person enlisted as such.

Bank Secrecy Act (BSA)

The BSA is intended to safeguard the US financial system and the financial institutions that make up that system from the abuses of financial crime, including money laundering, terrorist financing, and other illicit financial transactions. Money laundering and terrorist financing are financial crimes with potentially devastating social and financial effects. From the profits of the narcotics trafficking to the assets looted from government coffers by dishonest foreign officials, criminal proceedings have the power to corrupt and eventually destabilize communities or entire economies. In both money laundering and terrorist financing criminals can exploit loopholes and other weaknesses in the legitimate financial system to launder criminal proceeds, finance terrorism, or to conduct other illegal activities, and, ultimately hide the actual purpose of their transactions.

Banking organizations and money service businesses must develop, implement, and maintain effective Anti-Money Laundering programs that address the ever-changing strategies of money launderers and terrorists that attempt to gain access to the US financial system. A sound BSA/AML compliance program is critical in deterring and preventing these types of activities at banks and other financial institutions.

BSA Specific Risk Categories

  • Services – CodeCash allows Peer to Peer digital money transfer which increases risk as per the Financial Action Task Force (FATF) which states: “the absence of face to face contact may indicate a higher money laundering/terrorist financing risk situation” and “an absence of Customer Due Diligence increases the difficulty for the service provider to identify suspicious activity”.
  • Customers – non-personal customers and intermittent users..
  • Transactions – one-off transactions, non routine transactions, numerous small transactions require more diligence to track and monitor for illegal activity. For example, cash might be deposited into several co-conspirator accounts and sent via mobile P2P to multiple mobile identities controlled by one individual.
  • Geographic locations – domestic high-risk geographic locations may include but are not limited to a customer located within the US government designated high-risk geographic locations such as high intensity drug trafficking area or a high intensity financial crime area.
  • Agents – Not Applicable, CodeCash will not have agents facilitating money transfer and all services will be automated through the mobile app.

Money Laundering

Money laundering is the process by which criminals attempt to conceal the true origin of the proceeds of their criminal activities. If undertaken successfully, it also allows them to maintain control over those proceeds and, ultimately, to provide a legitimate cover for their source of funds. It is the criminal practice of processing ill gotten gains or dirty money through a series of transactions in this way the funds are cleaned so they appear to be proceeds from legal activities. Money laundering generally does not involve currency at every stage of the laundering process. Although money laundering is a diverse and often complex process it basically involves three independent steps that can occur simultaneously.

Stages of Money Laundering

Placement –
The first and most vulnerable stage of laundering money is placement. The goal is to introduce the unlawful proceeds into the financial system without attracting the attention of financial institutions or law-enforcement. Placement techniques include structuring currency deposits in amounts to evade reporting requirements or commingling currency deposits of legal and illegal enterprises. An example may include dividing large amounts of currency into less conspicuous smaller amounts that are deposited directly into a bank account, depositing a refund check for a cancelled vacation package or insurance policy, or purchasing a series of monetary instruments such as cashiers checks or money orders that are then collected and deposited into another account. These are also called linked transactions, which may be a series of transactions by a legitimate customer or they may be transactions that appear to be independent but are in fact split into two or more transactions to avoid detection.
This again typically happens when a customer tries to avoid anti-money laundering controls by splitting transactions into several smaller amounts below the level at which you check ID or inquire about the source of funds. We will have systems in place to detect such transactions and to undertake enhanced due diligence on them and report any suspicious activity when they are detected.

  • CodeCash will put systems in place to monitor these types of customer transactions. We will be able to identify linked transactions by associating a series of money transfers made by the same customer to a recipient or several recipients over a period of time. CodeCash will also be able to associate a series of money transfers made by different customers to the same recipient over a period of time.

Layering
The second stage of money laundering is layering, which involves moving funds around the financial system, often in a complex series of transactions to create confusion and complicate the paper trail. Examples of layering include exchanging monetary instruments for larger or smaller amounts, or wiring or transferring funds to and through numerous accounts in one or more financial institutions.

Integration
The ultimate goal of the money laundering process is the third stage, which is integration. Once the funds are in the financial system and insulated through the layering stage, the integration stage is used to create the appearance of legality through additional transactions. These transactions further shield the criminal from a recorded connection to the funds by providing a plausible explanation for the source of the funds. Examples include the purchase and resale of real estate, property, jewelry, high end automobiles, or investment securities,

AML

CodeCash Compliance Standards

  • Always conduct business in accordance with the highest ethical standards.
  • Follow the CodeCash “Know Your Customer” protocol
  • Always be alert to customer transactions that may indicate money laundering or other criminal activity; and take proper steps to refuse or report such transactions.
  • Cooperate with appropriate authorities within the confines of applicable law and report any suspicious activity to the CodeCash’s Compliance Officer.
  • Fully comply with record keeping and reporting requirements of the BSA and applicable regulations.
  • Maintain all records required by the BSA, United States of America Patriot Act and all applicable anti-money laundering laws and regulations for the required specific period of time, at minimum.
  • Comply with all applicable federal and state laws and regulations.

CodeCash Internal Reporting Procedures and Records

CodeCash has appointed a competent and dedicated management executive as our money laundering compliance officer. Tariq Jalil, CEO, will receive and consider information that gives rise to any knowledge or suspicion that a customer is engaged in money laundering activities.
CodeCash will provide for a segregation of duties to the extent possible, for example, the employee that handles completing the reporting forms generally will not be the same employee responsible for the decision to file the suspicious activity report or grant the exemptions.

CodeCash Minimum Requirements of Management in Support of AML and BSA Compliance::

  • CodeCash will identify, assess, and effectively manage the risks that our business may be exploited to launder money or finance terrorists
  • Our senior managers will:
  • Be responsible for ensuring that the business carries out a risk assessment for operations and has policies, controls, and procedures to help reduce the risk that criminals may exploit the business for financial crime. CodeCash policies, controls, and procedures will address the level of risk that the business encounters in different circumstances.
  • Prepare, maintain, and improve upon the CodeCash written policy statement and document controls and procedures to show how the business will manage the risks of money laundering and terrorist financing identified in the risk assessment.
  • Review and update the policies, controls, and procedures to reflect changes to the risk assessment based on the review by the business.
  • Ensure there are enough trained employees equipped to implement policies adequately, and systems in place to support them.
  • Monitor effectiveness of the businesses policies, controls, and procedures and make improvements where needed and required.
  • Codecash will provide for program continuity despite changes in management or employee composition or structure.
  • CodeCash will take a risk based approach to managing these risks that focuses more effort on higher risks.
  • CodeCash Management will appoint a nominee as an officer to document and report suspicious activity to the appropriate authority.
  • CodeCash will devote enough resources to deal with money laundering and terrorist financing.
  • CodeCash Compliance Officer will carry out regular risk assessments identifying where the business is vulnerable to money laundering and terrorist financing.
  • CodeCash management will prepare, maintain, and approve a written policy statement controls and procedures to show how the business will manage the risks of money laundering a terrorist financing identified in these risk assessments.
  • CodeCash Compliance Officer will update these policies, controls, procedures to reflect changes to the risk faced by the business.
  • CodeCash Compliance Officer and Management will monitor effectiveness of the business’s policies, controls, and procedures and make improvements were required.

CodeCash System Compliance Monitoring

We have designed and will implement the right systems to spot suspicious activity and ensure that staff is fully trained and aware of what sort of indicators are present during any money laundering activity they may encounter. For example:

  • Our system will flag when two or more users utilize similar identification
  • Flags will be put in place to alert us if a user initiates a transaction and upon learning that they must show ID or provide additional identifying information then backs out of the transaction.
  • The system will alert us if a user alters the spelling or order of their full name.
  • If a user conducts transactions that are just below relevant thresholds in order to not trigger fund restrictions, our system will alert us.
  • Our system will alert us if a user or group of users appears to be breaking large transactions into numerous transactions in one day or varying amounts at different times of the day in order to mask a suspicious transaction.

CodeCash Compliance Officer Duties

The Compliance Officer’s contact details will be published from time to time to our staff and may be published on the app. CodeCashwill make reasonable arrangements in order to introduce measures designed to assist the functions of the Compliance Officer and to encourage reporting of suspicious transactions made by employees. These measures will make employees aware of the proper procedures in order to prevent money laundering and the relevant legislation.

The Compliance Officer Duties and Responsibilities are as follows:

Monitoring and Testing

  • Ensuring that CodeCash is compliant with this AML policy as well as any other laws or regulations
  • Testing the CodeCash AML procedures and systems

Training and Reporting

  • Training of the CodeCash employees per this AML policy
  • Receive and investigate internal suspicious activity reports and transaction reports from CodeCash employees, and send completed reports to the appropriate authorities Audits
  • Ensure that an independent, risk-based audit is conducted generally every 12 to 18 months to ensure adherence to the BSA/AML compliance program and overall adequacy and effectiveness in regards to the regulatory requirements, as well as record keeping and reporting requirements. The audit will also review management efforts to resolve violations and deficiencies noted in any previous audits or examinations and the progress in addressing any supervisory actions, if applicable.
  • Ensure that there is a yearly audit and review of staff training for adequacy and accuracy.
  • Ensure Yearly  audits will be implemented to review the effectiveness of the suspicious activity monitoring systems, automated or manual, that are used for the BSA/AML compliance. These reports will include suspicious activity monitoring reports, insufficient funds reports, account relationship reports, and fund transfer records.
  • During the independent audit, an assessment of the accuracy and integrity of the management information systems used in the compliance program, such as the reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, and analytical and trend reports be done. .

AML Risk Assessment

  • Customers: Non face-to-face customers pose a risk as physical ID authentication will not be possible
  • Transactions: Occasional transactions, as opposed to ongoing and routine business transactions, offer a higher level of risk as it is more difficult to determine patterns of behavior with occasional transactions.
  • Transactions: If we offer transactions to a highly transient population this will be at a higher risk as they are often geographically dispersed and do not have patterns of behavior to study or monitor easily.

Monitoring and Reporting of Suspicious Activity:

  • CodeCash will issue a SAR (suspicious activity report) if we have reason to suspect or know that a transaction or pattern of transactions is suspicious or involves $1800 or more within 30 calendar days of the initial detection (when the appropriate review was conducted and the transaction was deemed in fact suspicious).
  • If a transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity CodeCash will issue a confidential SAR.
  • If CodeCash suspects that this illegal activity is related to terrorist activity against the United States of America we will immediately call the financial institution hotline at 1–866–556–3974, issue a SAR, and contact the appropriate law-enforcement agency.
  • If CodeCash detects any transaction designed to evade the BSA requirements, whether that be through restructuring or other means, we will report this to our Compliance Officer, issue a SAR if determined necessary, and keep a copy of the SAR for five years.
  • If there is any supporting documentation such as transaction records CodeCash will maintain them with the copy of the filed form for five years from the date of filing the report.
  • If CodeCash detects that a transaction that appears to serve no personal function and CodeCash cannot determine a reasonable explanation for the transaction after examining all available facts, a SAR report will be issued and brought to the attention of our Compliance Officer, while observing all data records requirements for the reporting. .
  • CodeCash will ensure that our system or our KYC partner system institutes a check for any users on the National Security list or any other such list that requires additional due diligence of their account.
    ⦁ If a transaction is different from the normal business of the user it will be flagged
  • If the size and frequency of the transaction is different from the user’s normal pattern it will be flagged
  • If the user payment pattern has changed since the business relationship was originally established, the account will be flagged
  • If there has been a significant or unexpected improvement in the user’s financial status on the CodeCash App and the customer cannot give a proper explanation of where the money came from it will be flagged.

CodeCash Employee Training

CodeCash Employee Training Manual

The content of our employee training manual shall include:

  • Documentation that shows the CodeCash commitment to the prevention, detection, and reporting of money laundering and terror financing crimes
  • Examples of money laundering and terror financing that have been detected in similar organizations
  • Well-known and recognized cases of money laundering or terrorist financing that are made available by the government
  • The potential legal liability in the case of money laundering and terror financing
  • Responsibilities of CodeCash employees regarding CodeCash AML policy and any money laundering and terrorist financing activities
  • Documentation on how to identify and report suspicious activities and issue Suspicious Activity Reports (SAR)
  • To whom CodeCash employees should be reporting money laundering knowledge or suspicion and a clear reporting chain to which this knowledge or suspicion can we passed, without any delay, to the Compliance Officer.
  • An overview of the BSA/AML requirements that will be provided to all new staff as part of their new employee manual during their employee orientation.
  • The CodeCash Employee Manual will have a section that documents all applicable requirements and policies/procedures.

CodeCash Employee Training Content and Protocol

  • Documentation that shows the CodeCash commitment to the prevention, detection, and reporting of money laundering and terror financing crimes
  • Examples of money laundering and terror financing that have been detected in similar organizations
  • Well-known and recognized cases of money laundering or terrorist financing that are made available by the government
  • The potential legal liability in the case of money laundering and terror financing
  • Responsibilities of CodeCash employees regarding CodeCash AML policy and any money laundering and terrorist financing activities
  • Documentation on how to identify and report suspicious activities and issue Suspicious Activity Reports (SAR)
  • To whom CodeCash employees should be reporting money laundering knowledge or suspicion and a clear reporting chain to which this knowledge or suspicion can we passed, without any delay, to the Compliance Officer.
  • An overview of the BSA/AML requirements that will be provided to all new staff as part of their new employee manual during their employee orientation.
  • The CodeCash Employee Manual will have a section that documents all applicable requirements and policies/procedures.

CodeCash Training Records

  • Training records will include:
  • A copy of the training materials
  • Details of the type of training and the name of the instructor who led/provided it
  • A list of CodeCash staff who have completed training, with dates, and their signatures confirming understanding of obligations
  • Any electronic training records with list of attending staff and electronic signatures
  • An updated training schedule