AML/CFT Policies
Last Updated on March 04, 2024
Introduction and Policy Statement
Noda is a payment institution licensed and regulated by the Financial Conduct Authority (FCA) in the UK. We are committed to preventing money laundering and terrorist financing in accordance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and other relevant legislation.
Noda's AML policy and procedures apply to all activities and operations carried out within the scope of our business. We are committed to a zero-tolerance approach to money laundering and terrorist financing, and we will take all necessary and proportionate measures to prevent and detect such activities.
1. Regulatory Framework
As a Payment Institution licensed by the Financial Conduct Authority in the UK, Noda is subject to a regulatory framework that includes various laws, regulations, and guidelines related to anti-money laundering (AML) and countering the financing of terrorism (CFT). Some of the key components of our regulatory framework include:
- The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
- The Sanctions and Anti-Money Laundering Act 2018
- The Criminal Finances Act 2017
- The Financial Conduct Authority's Handbook
- The Proceeds of Crime Act 2002 (POCA)
- The Terrorism Act 2000 and 2001
- The Counter-Terrorism Act 2008
- The UK National Risk Assessment of Money Laundering and Terrorist Financing
- International Standards
- Second Payment Services Directive (PSD2)
- Payment Services Regulations 2017 (PSR 2017)
2. Risk-Based Approach
Noda will adopt a risk-based approach to identify, assess, and manage money laundering and terrorist financing risks. The firm will conduct a risk assessment of its business activities, products, and services to identify and assess the level of AML/CFT risks. The risk assessment will be reviewed and updated on a regular basis or whenever there are material changes to the firm's business activities, products, or services.
The firm's risk assessment will be guided by its internal policies, which outline the process for identifying, assessing, and managing AML/CFT risks across the entire organization.
Based on the risk assessment, the firm will develop and implement appropriate risk mitigation measures to effectively manage the identified risks. These measures may include customer due diligence, enhanced due diligence, ongoing monitoring, sanctions screening, and suspicious activity reporting, among others. The level and frequency of these measures will be commensurate with the level of risk identified.
The results of the risk assessment and any updates to the risk mitigation measures will be documented and presented to the MLRO and senior management for review and action.
Noda acknowledges that adopting a risk-based approach is an ongoing process that requires continuous monitoring, evaluation, and improvement to ensure that the firm's AML/CFT program remains effective and up-to-date.
3. Risk Assessment
Noda is committed to preventing money laundering and terrorist financing, and has established a risk-based approach to identifying and assessing the risks associated with its business activities. The purpose of this risk assessment is to identify the specific risks of money laundering and terrorist financing associated with Noda's open banking services and to establish appropriate controls to mitigate those risks.
3.1 Methodology
Noda uses a risk-based approach to identify and assess the risks of money laundering and terrorist financing associated with its business activities. The risk assessment is based on a combination of factors, including:
- The nature and extent of the open banking services provided by Noda
- The types of customers that Noda serves, including their geographic location, size, and business activities
- The products and services offered by Noda, including their complexity and potential for misuse
- The methods used by customers to access Noda's services
- The countries in which Noda operates, and the regulatory requirements in those countries
- Other relevant factors, such as changes in technology and the financial services industry
3.2 Risk Categories
Noda has identified the following risk categories associated with its open banking services:
- Customer Risk: Customers who pose a higher risk of money laundering or terrorist financing due to their business activities, geographic location, or other factors.
- Product Risk: Products and services that pose a higher risk of money laundering or terrorist financing due to their complexity, potential for misuse, or other factors.
- Geographic Risk: Countries or regions that pose a higher risk of money laundering or terrorist financing due to their regulatory environment, level of corruption, or other factors.
- Channel Risk: Channels through which customers access Noda's services that pose a higher risk of money laundering or terrorist financing due to their ease of use or potential for anonymity.
3.3 Risk Appetite (Prohibited Industries, Jurisdictions, Relationships)
Noda recognizes that the risks of money laundering and terrorist financing associated with its open banking services may vary depending on the types of customers and business activities with whom it works. Noda's risk appetite has been outlined on the following page: https://noda.live/about/risk-appetite-policy
4. Customer Due Diligence
Customer due diligence (CDD) is a key component of Noda's Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) policy. The purpose of CDD is to ensure that Noda identifies and verifies the identities of its customers and monitors their transactions to detect any suspicious activity that may indicate money laundering or terrorist financing.
Noda is committed to complying with all relevant AML/CFT laws and regulations, and to maintaining the highest standards of integrity and professionalism in its business operations. As a licensed payment institution, Noda is required to have robust policies and procedures in place to prevent the use of its services for illegal activities, including money laundering and terrorist financing.
To achieve these objectives, Noda will implement the following CDD procedures:
- Customer identification and verification
- Enhanced due diligence
- Ongoing monitoring
- Record-keeping
- Politically exposed persons (PEPs)
- Third-party service providers
- Sanctions screening
These procedures will be applied to all customers and third-party service providers, as appropriate, and will be reviewed and updated on a regular basis to ensure that they remain effective and up-to-date.
4.1 Customer identification and verification
Noda will identify and verify the identity of all customers before providing them with any services. This will be done in accordance with the requirements of applicable laws and regulations, including the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
A) Identification Documents:
Noda will obtain and verify the customer's name, address, date of birth, and other identifying information. Noda provides services only to corporate customers. In this context, individual persons refer to directors, authorized signatories, shareholders and ultimate beneficial owners.
The following information will be collected for directors, authorized signatories, shareholders and ultimate beneficial owners:
- Full name
- Residing Address
- Date of Birth
- Place of Birth
- Nationality
Information will be verified by obtaining the following documents:
- Passport
- National ID card
- Bank Statement (dated within the last 3 months)
- Utility Bill (dated within the last 3 months)
- Internet/cable TV/house/phone line bills
- Tax Returns
- Council Tax Bills
- Government-issued certifications of residence, documents etc.
B) Corporate Customers:
For corporate customers, Noda will also identify and verify the identity of the beneficial owners, officers, and directors of the company. This may include obtaining information about the ownership structure of the company, such as a share register and/or articles of association, as well as identifying the natural persons who ultimately own or control the company.
The following information will be collected from corporate customers:
- Full legal name of the company
- Registered number
- Registered office address in country of incorporation
- Business address (if different from registered address)
- Names of all directors (identifying those who exercise control over the management of the company)
- Names of all beneficial owners who own or control more than 25% of its shares or voting rights
- Business trading name (if different)
- Purpose and nature of the business relationship
The verification of the corporate customer will be done by obtaining one or more of the following valid documents:
- Certificate of Incorporation
- Memorandum and Articles of Association (optional)
- Register of Shareholders
- Register of Directors (optional, if not possible to verify via public sources)
- Certificate of Incumbency (optional)
- Certificate of Good Standing (optional)
- Corporate Bank Statement
Depending on the nature of the customer's business and their assessed level of risk for money laundering activities, additional documents may be required:
- Valid Licence
- AML/KYC policy
- CDD policy
- Office Lease Agreement
- Proof of Domain ownership
- The latest audited Financial accounts
- Corporate Structure
- Agreements with vendors/partners
C) Reliance on Third Parties:
In certain circumstances, Noda may rely on third parties to perform customer identification and verification procedures. This may include relying on another regulated entity to perform the identification and verification procedures, provided that entity is subject to the same AML/CFT requirements as Noda.
D) Non-Face-to-Face Customers:
For customers who are not physically present, such as online customers, Noda will implement additional measures to verify their identity. This may include obtaining additional documentation and/or requiring ID Verification via third-party service providers, for example, Sum&Sub.
By implementing these customer identification and verification procedures, Noda can better identify and mitigate the risks of money laundering and terrorist financing associated with its customers and services.
4.2 Ongoing Monitoring
Noda will monitor all customer accounts on an ongoing basis to detect any suspicious activity. This will include reviewing customer transactions and activities for any unusual patterns or behaviors, as well as conducting periodic reviews of customer information to ensure that it remains accurate and up-to-date.
4.3 Politically Exposed Persons
A PEP is defined as an individual who is or has been entrusted with prominent public functions, including heads of state or government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, and important political party officials.
- Risk Assessment: Noda will conduct a risk assessment to determine if a customer is a PEP or if they have a close relationship with a PEP. This assessment will be based on the customer's country of origin or residence, their occupation, their transaction history, and any other relevant information.
- Enhanced Due Diligence: For customers who are determined to be PEPs or who have close relationships with PEPs, Noda will conduct enhanced due diligence measures. This may include obtaining additional information about the source of funds, conducting additional identity verification checks, and monitoring transactions on an ongoing basis.
- Screening: Noda will screen all customers and beneficial owners against relevant PEP lists and watchlists, to ensure that it is not providing services to individuals who may be at a higher risk for money laundering or terrorist financing.
- Approval Process: For customers who are determined to be PEPs, the account opening and transaction approval process will be subject to additional levels of scrutiny and review, in accordance with applicable laws and regulations.
- Record Keeping: Noda will maintain records of all PEP-related due diligence activities, as well as any other information obtained during the customer due diligence process. These records will be kept in accordance with applicable laws and regulations and will be made available to the relevant authorities upon request.
By implementing these procedures for PEPs, Noda can better mitigate the risks of money laundering and terrorist financing associated with individuals who may be at a higher risk due to their prominent public functions or associations.
4.4 Third-Party Relationships
Third-party relationships for Noda encompass external partnerships posing AML/CFT risks, such as White Label solutions, agents, resellers, or other service providers.
- Noda conducts risk assessments based on the type of service, the location of the third party, and the nature of the customer data involved.
- Due diligence includes verifying third parties' identity, reputation, and financial stability, and assessing their AML/CFT policies.
- Contractual obligations enforce AML/CFT compliance, including reporting suspicious activities promptly.
- Ongoing monitoring ensures contractual compliance and detects suspicious activities indicating money laundering or terrorist financing.
- Noda reserves the right to terminate relationships with non-compliant or high-risk parties.
- Record-keeping of due diligence and monitoring activities, including suspicious activity reports, is maintained and available as per regulations.
These procedures enable Noda to mitigate AML/CFT risks associated with third-party relationships.
4.5 Dormant Accounts
Noda commits to identifying and managing dormant accounts, meaning accounts that have been inactive for 12 months or more. Customers will be notified of their account status and any associated fees. Noda will monitor these accounts for suspicious activity as per its AML/CFT program and will close them if they remain inactive for 12 months or more, or for a longer period if specified in the contract.
5. Enhanced Due Diligence
Noda will apply enhanced due diligence (EDD) measures for higher-risk customers, in line with laws and regulations. Risk assessments for all customers will consider factors like business nature, origin, transaction history, and relevant details. EDD is conducted on customers, beneficial owners, and third-party representatives identified as high-risk. This approach aims to understand transactions deeply and mitigate risks. Examples of EDD situations include:
- Customers assessed as presenting a high risk for money laundering or terrorist financing, based on our risk-based approach.
- Politically Exposed Persons (PEPs) - individuals who hold prominent public positions, or their family members or close associates.
- High-Risk Countries - countries identified by credible sources, such as FATF, as having a higher risk for money laundering or terrorist financing.
- High-Value Transactions - transactions that are above a certain threshold, as determined by our internal risk management framework.
- Complex Ownership Structures - customers with complex ownership structures that make it difficult to identify the ultimate beneficial owner.
- Unusual Transactions - transactions that are unusual for the customer, or that are inconsistent with the customer's known business or risk profile.
EDD measures may include:
- Additional Information: Obtain customer, business relationship, and fund source details, including wealth source, employment history, and ties to high-risk jurisdictions or politically exposed persons (PEPs).
- Certification: Require certain documents from high-risk customers to be certified by a qualified individual to verify authenticity.
- Ongoing Monitoring: Monitor higher-risk customers to detect suspicious activity, conducting frequent reviews and gathering additional information as needed.
- Approval: Seek senior management approval for initiating or continuing relationships with higher-risk customers.
- Transaction Review: Review all transactions involving higher-risk customers to ensure alignment with their known profile and business relationship.
- Sanctions Screening: Screen higher-risk customers against relevant sanctions and watchlists to avoid servicing prohibited persons or entities.
By implementing these EDD measures, Noda can better identify and mitigate the risks of money laundering and terrorist financing associated with higher-risk customers and services.
6. Sanctions, PEP and Adverse Media Screening
As part of our risk-based approach to AML/CFT compliance, we conduct screening of our customers, beneficial owners, and any third-party representatives against various sanctions lists, as well as for Politically Exposed Persons (PEPs) and adverse media.
Sanctions screening involves screening against international, regional, or national sanctions lists, as well as those provided by regulatory bodies, including but not limited to:
- The Office of Foreign Assets Control (OFAC) - a regulatory body of the US Department of the Treasury responsible for administering and enforcing economic and trade sanctions based on US foreign policy and national security goals.
- Her Majesty’s Treasury Department – UK (HMT) - responsible for implementing and enforcing financial sanctions in the UK, including those issued by the European Union and United Nations.
- European Union sanctions (EU) - a list of individuals, entities, and countries subject to restrictive measures, including asset freezes and travel bans, issued by the European Union.
- United Nations sanctions (UN) - a list of individuals, entities, and countries subject to sanctions, including asset freezes and arms embargoes, issued by the United Nations Security Council.
PEP screening involves identifying and conducting enhanced due diligence on individuals who hold prominent public positions, as they pose a higher risk for money laundering and terrorist financing.
Adverse media screening involves reviewing relevant media sources such as news articles or regulatory reports for negative information related to the customer.
7. Record Keeping
Noda is committed to maintaining accurate and complete records in accordance with all applicable laws and regulations. This section delineates Noda's record-keeping obligations.
Retention Period: Noda will retain all records relating to its AML/CFT program, including customer due diligence, records of all customer identification, verification procedures, enhanced due diligence, transaction monitoring, and suspicious activity reporting, for a minimum of five years from the date of the transaction or the end of the business relationship, whichever is later.
Security: Records will be kept in a secure location or system to prevent unauthorized access, alteration, or destruction.
Accessibility: Records will be made available to relevant authorities, including law enforcement and regulatory bodies, upon request.
8. Compliance Monitoring
Noda is committed to ensuring that our AML/CFT program remains effective and up-to-date. We have established a compliance monitoring program to assess the effectiveness of our AML/CFT measures and to identify and mitigate any potential gaps or weaknesses in our program.
Internal Compliance Testing
Noda will internally test its compliance regularly, reporting to the board and suggesting improvements. This includes testing policies, procedures, and controls, documenting results, and collaborating with external auditors to ensure legal compliance.
External Audit
Externally, Noda will engage auditors to periodically review its program's effectiveness and compliance with laws and regulations.
9. MLRO Role and Responsibilities
The Money Laundering Reporting Officer (MLRO) is responsible for the implementation and oversight of Noda's AML/CFT program. The MLRO is a key member of our senior management team and reports directly to the Board of Directors.
The MLRO's specific roles and responsibilities include:
- Developing and maintaining Noda's AML/CFT policies and procedures.
- Conducting risk assessments.
- Monitoring and reporting suspicious activity.
- Training staff.
- Maintaining records.
- Reporting to the Board of Directors.
- Liaising with regulators and law enforcement.
The MLRO is supported in their roles and responsibilities by the AML team, which includes staff members from across the organization. The MLRO also has access to the resources and support necessary to carry out their duties effectively, including training, technology, and legal advice.