RizzBees S.R.O. Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) Policy

Effective Date: 5 January 2025

1. Policy Statement

RizzBees S.R.O. (hereinafter referred to as "the Company"), a crypto-asset service provider registered in Slovakia, is committed to preventing money laundering (AML) and the financing of terrorism (CFT) in strict compliance with applicable national, European Union (EU), and international laws and regulations. These include the Slovak Act No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Crime and Terrorist Financing, the EU’s Markets in Crypto-Assets Regulation (MiCA - Regulation (EU) 2023/1114), the Financial Action Task Force (FATF) recommendations, and other relevant standards.

Money laundering involves disguising the origins of illegally obtained funds to make them appear legitimate, while terrorist financing involves providing funds for illicit purposes. Such activities enable crimes such as terrorism, drug trafficking, corruption, and human trafficking. The Company implements robust policies, procedures, and controls to detect, mitigate, and report suspicious activities to the competent authorities, including the Financial Intelligence Unit (FIU) of Slovakia.

2. AML/CFT Compliance Framework

To ensure compliance with MiCA and other applicable regulations, RizzBees S.R.O. has established a comprehensive AML/CFT Compliance Framework, including the following key components:

2.1 Customer Due Diligence (CDD) and Know Your Customer (KYC) Procedures

The Company adheres to MiCA’s requirements for identifying and verifying customers as part of its onboarding process:

- Basic CDD: All clients must provide valid government-issued identification (e.g., passport, national ID), proof of address (e.g., utility bill or bank statement not older than 3 months), and, where applicable, information on the source of funds or wealth prior to account activation.

- Enhanced Due Diligence (EDD): For high-risk clients, such as those from high-risk third countries (as per FATF lists) or those involved in complex or unusually large transactions, additional verification steps are applied, including detailed source-of-funds documentation. However, per Company policy, RizzBees S.R.O. does not service Politically Exposed Persons (PEPs). If a client is identified as a PEP during the onboarding or monitoring process, their application will be declined or their account terminated, as applicable.

- Ongoing Monitoring: Client profiles and transactions are continuously monitored to ensure consistency with the client’s risk profile and to detect any unusual activity.

- Onboarding Process: All KYC and AML processes are fully digital and outsourced to Sumsub, a third-party provider specializing in identity verification and compliance solutions. Clients complete a secure digital onboarding form via Sumsub’s platform, which conducts automated verification checks (e.g., document authenticity, facial recognition). Accounts remain inactive until Sumsub confirms that KYC/CDD requirements are fully satisfied.

2.2 Transaction Monitoring and Reporting

- The Company employs real-time transaction monitoring systems to identify unusual patterns, such as high-frequency trades, large crypto-to-fiat conversions, or transfers to/from high-risk jurisdictions.

- Suspicious transactions are flagged, investigated, and, if necessary, reported to the Slovak FIU within the statutory timeframe (typically 5 working days) as per Slovak law and MiCA obligations.

- Crypto-specific risks, such as the use of mixers/tumblers or privacy coins, are closely scrutinized.

2.3 Prohibited Transactions and Restrictions

- RizzBees S.R.O. prohibits cash deposits or withdrawals in line with MiCA’s focus on traceable electronic transactions.

- Transactions involving sanctioned individuals, entities, or jurisdictions (as per EU and FATF lists) are strictly forbidden.

2.4 Record Keeping and Data Security

- In accordance with MiCA and Slovak law, client identification records, transaction data, and risk assessments are retained for a minimum of five (5) years following the end of the business relationship or transaction.

- Data is stored securely in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, with encryption and access controls to protect client information.

2.5 Employee Training and Internal Controls

- All employees receive mandatory annual AML/CFT training, covering MiCA requirements, Slovak regulations, and crypto-specific risks (e.g., wallet screening, blockchain analysis).

- An AML/CFT Compliance Officer is appointed to oversee the program, ensure regulatory adherence, and liaise with authorities.

3. Enterprise-Wide Risk Assessment (EWRA)

RizzBees S.R.O. conducts an annual Enterprise-Wide Risk Assessment (EWRA) to identify, assess, and mitigate AML/CFT risks across its operations, as required by MiCA and FATF standards:

- Risk Identification: Assesses risks related to client base (e.g., geographic exposure), products (e.g., crypto trading, custody services), delivery channels (e.g., online platforms), and emerging threats (e.g., DeFi, NFTs).

- Risk Scoring: Assigns risk levels (low, medium, high) based on factors such as transaction volume, jurisdiction, and client behavior.

- Mitigation Measures: Implements controls such as enhanced monitoring for high-risk clients, blockchain analytics tools, and restricted access to certain jurisdictions.

- Review and Updates: The EWRA is reviewed annually or upon significant regulatory or operational changes, with findings reported to senior management.

4. Deposit & Withdrawal Requirements

- All deposits and withdrawals must be conducted via payment methods (e.g., bank accounts, crypto wallets) registered in the client’s name, ensuring traceability as per MiCA.

- Crypto withdrawals are subject to wallet screening to prevent transfers to illicit addresses.

5. Legal and Regulatory Obligations

- The Company complies with MiCA’s requirements for CASPs, including registration with the National Bank of Slovakia (NBS) or another competent authority, adherence to AML/CTF standards, and cooperation with EU supervisory bodies.

- Additional obligations under Slovak law and FATF recommendations are fully integrated into operations.

6. Limitation of Liability

RizzBees S.R.O. shall not be liable for losses, claims, or damages arising from AML/CFT compliance actions, such as transaction delays, account suspensions, or mandatory reporting, provided such actions are taken in good faith and in accordance with applicable laws.

7. UK Financial Promotion Restriction Policy – Statement of Compliance

RizzBees S.R.O. acknowledges that under the UK Financial Services and Markets Act 2000 (Financial Promotion) Order 2005, it is unlawful to communicate financial promotions to UK persons unless an exemption applies.

RizzBees strictly limits the marketing, offering, and provision of its crypto asset services to UK-resident clients who fall under one or more of the following exempt categories:

Certified high net worth individuals (as defined in Article 48)
High net worth entities (as per Article 49)
Sophisticated investors (Articles 50 and 50A)

RizzBees confirms that its website and any communications that could be accessed by UK users contain explicit disclaimers and eligibility statements restricting access to only those individuals and entities who fall within the scope of such exemptions.

No promotions are directed at UK retail clients unless the firm becomes authorized to do so or acts under the supervision of a UK FCA-authorized approver.

Compliance with this restriction is monitored by the firm’s AML/CFT Compliance Officer, and marketing materials are subject to prior review before publication.

8. Amendments and Updates

The Company reserves the right to update this AML/CFT policy to reflect changes in MiCA, Slovak regulations, or other legal requirements. Clients and employees will be informed of material changes via email or the Company’s website.

For AML/CFT-related inquiries, please contact:

- Support: help@rizzbees.com

- Legal: legals@rizzbees.com