BLAXEN PAY LTD
Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) Compliance Policy

Version

1.0 Blaxen Pay LTD Version 1 created on March 2024

Definitions

The following are a list of definitions used throughout this document:

AML: Anti-money laundering

CDD: Client due diligence

CTF: Counter terrorist financing

EDD: Enhanced due diligence

EFT: Electronic funds transfer

HIO: Head of an international organization

KYC: Know your client

Money laundering (“ML”): Knowingly or recklessly dealing with the proceeds or property derived directly or indirectly as a consequence of an indictable offence, with the intent to conceal or convert any part of them. Concealment is a not necessary for an offence and conversion can be as simple as a deposit or a transfer.

PEP: Politically exposed person

Proceeds: Proceeds refers to any property derived from or obtained, directly or indirectly, through the commission of an offence.

Program: The set of policies and procedures laid out in this document that apply to all employees including contractors, consultants, partners, professional employees and students of Blaxen Pay LTD. and all its related subsidiaries and entities.

Terrorism financing (“TF”): Terrorist financing is the financing of terrorist acts, and of terrorists and terrorist organisations.

Terrorist: The term terrorist refers to any natural person who: (i) commits, or attempts to commit, terrorist acts by any means, directly or indirectly, unlawfully and wilfully; (ii) participates as an accomplice in terrorist acts; (iii) organises or directs others to commit terrorist acts ; or (iv) contributes to the commission of terrorist acts by a group of persons acting with a common purpose where the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

Terrorist Act: A terrorist act includes:

1. an act which constitutes an offence within the scope of, and as defined in one of the following treaties: (i) Convention for the Suppression of Unlawful Seizure of Aircraft (1970); (ii) Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation (1971); (iii) Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents (1973); (iv) International Convention against the Taking of Hostages (1979); (v) Convention on the Physical Protection of Nuclear Material (1980); (vi) Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation, supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation (1988); (vii) Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation ( 2005); (viii) Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf (2005); (ix) International Convention for the Suppression of Terrorist Bombings (1997); and (x) International Convention for the Suppression of the Financing of Terrorism (1999).
2. any other act intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a government or an international organisation to do or to abstain from doing any act.

Terrorist Organisation: The term terrorist organisation refers to any group of terrorists that: (i) commits, or attempts to commit, terrorist acts by any means, directly or indirectly, unlawfully and wilfully; (ii) participates as an accomplice in terrorist acts; (iii) organises or directs others to commit terrorist acts; or (iv) contributes to the commission of terrorist acts by a group of persons acting with a common purpose where the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

Introduction

Blaxen Pay Ltd. (“Blaxen Pay LTD” or the “Company”) is a money services business (“MSB”), registered with the Financial Transaction Reporting and Analysis Centre (“FINTRAC”) for the purpose of providing funds transfer and foreign currency exchange services. The Company operates from a single, non-client facing head office location in Vancouver, British Columbia.

Blaxen Pay LTD primarily services entity clients for the purpose of settling invoices with suppliers and/or receiving payments from client. On a limited basis, the Company may provide services to individuals at the discretion of the anti-money laundering (“AML”)/counter-terrorism financing (“CTF”) Compliance Officer (the “Compliance Officer”). Clients initiate transactions exclusively via the Company’s online web portal. When initiating a payment, clients send a wire transfer in the local currency to the Company’s corporate account. The Company converts the received funds into the desired currency and remits the funds to the account of the beneficiary via wire transfer. All foreign currency exchanges are ancillary to the transfer of the funds.

The Company’s clientele is located in the following countries:

• Canada
• Mexico
• Hong Kong
• Singapore
• Cyprus
• Brazil
• United Kingdom

Transfers are most typically conducted between those jurisdictions. The provision of services to residents of Quebec or entities that are registered in that province is strictly prohibited.

The most commonly traded currencies include:

• United States Dollars (“USD”)
• Japanese Yen (“JPY”)
• British Pound Sterling (“GBP”)
• Canadian Dollars (“CAD”)
• Swiss Francs (“CHF”)
• European Union Euros (“EUR”)

All monetary values referenced in this document refer to the value in CAD unless otherwise noted.

Regulatory framework

Proceeds of crime (money laundering) and terrorist financing act

In December 2001, Canada enacted the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (“PCMLTFA” or the “Act”). The objectives of the Act and the regulations created under it (collectively, the “Legislation”) are to deter money laundering and terrorist financing (“ML/TF”) and aid in the identification, investigation and prosecutions of ML/TF offences.

The Legislation makes it mandatory for various individuals and entities (“Reporting Entities”) to implement a compliance program that meet the requirements set out in the Legislation.

The PCMLTFA also established FINTRAC as the agency responsible for the collection, analysis and disclosure of information to assist in the detection, prevention and deterrence of ML/TF activities in Canada and abroad. FINTRAC is Canada’s financial intelligence unit and fulfills their mandate through the following activities:

• Receiving financial transaction reports and voluntary information in accordance with the PCMLTFA;
• Ensuring compliance of reporting entities with the PCMLTFA;
• Producing financial intelligence relevant to ML/TF and threat to the security of Canada investigations;
• Researching and analyzing data on trends and patterns in ML/TF;
• Maintaining a registry of money services businesses in Canada; and
• Enhancing public awareness and understanding of ML/TF activities.

Towards the achievement of its mandate of ensuring compliance with the PCMLTFA, FINTRAC conducts periodic examinations of Reporting Entities.

FINTRAC is authorized to levy administrative monetary penalties against Reporting Entities that fail to implement effective compliance programs and to recommend instances of criminal non-compliance for prosecution.

Compliance with anti-money laundering and counter terrorist financing laws and regulations

Blaxen Pay LTD is considered to be an MSB, as defined in section 5(h) of the PCMLTFA, because the Company provides foreign exchange and remittance services to its clients. As such, it is considered a Reporting Entity with obligations to meet the requirements specified by the Legislation.

The Legislation imposes certain responsibilities on MSBs when they conduct transactions. Those responsibilities include, but are not limited to:

• keeping registration and licensing up to date;
• maintaining a program to comply with the Legislation;
• identifying clients in prescribed circumstances;
• keeping records about their transactions;
• monitoring business relationships; and
• reporting prescribed transactions to FINTRAC.

Penalties and consequences of non-compliance

The failure of a Reporting Entity to implement and adhere to an effective compliance program can expose it to serious regulatory intervention and potentially affect its ability to conduct business. If FINTRAC observes compliance failures, it has the option to:

• Apply monetary penalties, which range from $1,000 per violation to $500,000 per violation based on the severity of the failure; or
• Refer offences for criminal prosecution with potential fines up to $2 million and/or imprisonment for up to five years.

Employees can be subject to criminal prosecution if they fail to report suspicious transactions to FINTRAC, unless the suspicion was reported to their direct supervisor. Directors and officers can be subject to prosecution if they direct, authorize, assent to, acquiesce or participate in the commission of a compliance offence of a reporting entity.

No criminal or civil proceedings may be brought against a person for making a report in good faith concerning a suspicious transaction.

Msb registration and renewal

The Company is registered with FINTRAC as an MSB and is required to periodically renew its registration and keep its registration up to date. The Company does not provide services or have offices in the province of Quebec and as such, they are not required to register with or obtain a license from the Quebec provincial regulator, the Autorité des marchés financiers (“AMF”).

Changes to Blaxen Pay LTD’s registration information with respect to the following must be submitted to FINTRAC no later than 30 days of a change occurring:

• MSB services offered;
• Information about financial accounts used to provide MSB services;
• Information about other Canadian MSBs Blaxen Pay LTD uses to conduct transactions;
  Information about the Company’s anti-money laundering (“AML”) and counter-terrorism financing (“CTF”) Compliance Officer (“Compliance Officer”);
• Incorporation information (name, registered address, etc.);
• Information about the Company’s owners and senior management, including but not limited to name and date of birth;
• Detailed information about every branch; and
• Detailed information about every Canadian MSB agent.

It is the responsibility of Blaxen Pay LTD’s Compliance Officer to keep the Company registration information up to date. The Compliance Officer reviews Blaxen Pay LTD’s registration on a monthly basis and updates the registration information as required.

When the Company renews its FINTRAC registration, the Compliance Officer also updates the number of individuals that Blaxen Pay LTD employs, as well as the estimated annual transaction value. [1]

Blaxen Pay LTD’s Compliance Officer or delegate is required to renew the Company’s registration every two years prior to expiry.

Economic sanctions laws and regulations

Canada’s legislative measure against terrorists, terrorist groups and other listed and sanctioned individuals and entities are contained in various Canadian statutes and regulations, or those adopted by Canada, including the Criminal Code of Canada, United Nations Act, and Special Economic Measures Act (“SEMA”).

These regulations are applicable to all individuals and entities conducting business in Canada as well as all Canadian citizens and Canadian incorporated businesses operating outside of Canada.

The Department of Foreign Affairs, Trade and Development (“DFATD”) and the Department of Public Safety Canada (“PS”) are responsible for administering the statutes and regulations within Canada.

For the purposes of this document a “Listed Individual” is any person or entity listed on a government created list, or one created by a relevant regulatory body, of those individuals or entities associated with or suspected of being associated with terrorism. Specific measures vary depending on the relevant legislation but broadly include:

• prohibitions in dealing with property owned or controlled by Listed Individuals.
• prohibitions on providing any financial or related services in respect of property owned or controlled by Listed Individuals; and
• prohibitions on entering or facilitating transactions with or making available property or financial services to Listed Individuals.

Penalties and consequences of non-compliance

Economic sanctions are enforced by the Royal Canadian Mounted Police (“RCMP”) or the Minister of Foreign Affairs and failure to comply can result in fines of up to $100,000 and/or imprisonment.

Policy objectives

This policy is written to express the commitment of Blaxen Pay LTD to comply with prevailing AML/CTF obligations under the Legislation. To this end, the Company has implemented and maintains an effective and up-to-date program, including policies for customer identification, record keeping, ongoing monitoring and regulatory report filings.

The Company complies with this policy, which is designed to create a robust AML/CTF program to ensure that:

• the Company complies with the Legislation;
• Blaxen Pay LTD only enters into business relationships with those whose identities, activities and funds may reasonably be established to be legitimate;
• Company staff are trained to recognize and react appropriately to unusual ML and TF activity and understand their obligations to report activity and transactions/attempted transactions; and
• appropriate records are retained.

This policy formalizes roles and responsibilities across the organization with respect to these requirements with a view to helping the Company reduce legal, regulatory, financial and reputational risk. This policy is designed to ensure that all applicable regulatory requirements are met, and as such, it is imperative that all employees and management consistently adhere to the contents herein.

This policy has been reviewed and authorized by the senior management of the Company and a signed record of that approval is maintained for compliance purposes (refer to Section 1).

Aml/ctf compliance program

To ensure compliance with the Legislation, Reporting Entities are required to develop, apply and maintain a Compliance Program (“Program”). This document addresses the following elements of the Program:

• Written compliance policies and procedures;
• The appointment of a designated Compliance Officer;
• A risk-based assessment and management plan;
• An ongoing training program; and
• Periodic compliance effectiveness reviews.

Policies and procedures

Blaxen Pay LTD has developed written compliance policies and procedures as required by the Legislation. These policies and procedures are an important component of the Company’s Program as they guide the Company’s decisions and actions with respect to how Blaxen Pay LTD complies with legislative obligations.

The Company’s compliance policies and procedures are:

• written and maintained in a form/format that is accessible to all employees.
• periodically reviewed and updated to reflect changes in legislation, changes in operations, or identified regulatory gaps; and
• approved by senior management.

Blaxen Pay LTD’s written policies and procedures outline all obligations, corresponding processes and controls applicable under the Legislation, including:

• development and maintenance of the Program;
• client identification and other due diligence;
• ongoing monitoring and other responsibilities relating to
• business relationships;
• maintenance of required records; and
• the reporting of prescribed transactions to FINTRAC.

Blaxen Pay LTD’s written policies and procedures also address how the Company handles ministerial directives and transaction restrictions, which are targeted measures issued by the Minister of Finance to protect Canada’s financial system from being used for ML/TF purposes.

Appointment of a designated compliance officer

The Company has appointed a Compliance Officer who is responsible for the implementation and maintenance of the Program and is provided with unfettered access to all pertinent information and records throughout the business.

A back-up Compliance Officer may also be designated during times when the Compliance Officer is absent. In the absence of the Compliance Officer, the back-up Compliance Officer has the same responsibilities and authority as the Compliance Officer.

The Compliance Officer may choose to delegate certain duties. However, where such a delegation is made, the Compliance Officer retains overall responsibility for the implementation of the Program.

The Company must maintain the appointment of a Compliance Officer at all times. If a vacancy in this position occurs, Blaxen Pay LTD ensures that a new Compliance Officer is appointed immediately. It is the responsibility of Senior Management to maintain the appointment of a Compliance Officer.

The appointment of Transfer Clear’s Compliance Officer has been documented in Appendix A.

Responsibilities of the designated compliance officer

The Compliance Officer is responsible for the direction of the Program, and for ensuring that all existing and future employees and business affiliates of the Company adhere to policy and procedural standards outlined in this document.

The Compliance Officer is responsible for the following:

• Ensuring compliance with the Company’s Program;
• Providing a timely risk analysis and ensuring that the Program is current and relevant to identified risks;
• Ensuring written AML/CTF policies and procedures are kept up to date;
• Assessing the adequacy of system resources, including those required to identify and report suspicious and attempted suspicious transactions;
• Developing and implementing training for all employees;
• Ensuring that the Program undergoes an effectiveness review as required by the Legislation;
• Staying up to date with relevant industry trends and changes;
  Ensuring that all employees follow documentation retention requirements;
• Acting as the principal point of contact for communications with regulatory authorities;
• Ensuring that reportable transactions are reported to FINTRAC within the mandated timeframe; and
  Ensuring that customer due diligence (“CDD”) and enhanced due diligence (“EDD”) is conducted as required by Company policy.

The Compliance Officer or delegate provides reports to the board of directors or senior management at least monthly regarding:

• clients that have been identified as high-risk;
• information on reporting metrics to FINTRAC;
• any incidents of non-compliance with this policy; and
• significant changes identified in the Company’s ML/TF risk profile

Risk based assessment and management

Blaxen Pay LTD uses a Risk-Based Approach (“RBA”) to assess the risks related to ML/TF, as well as to document and implement mitigating controls to address those risks.

Blaxen Pay LTD’s risk assessment and methodology were developed in accordance with FINTRAC’s guidance on the risk-based approach and risk-based approach workbook for MSBs and with consideration of industry sources and best practices to assess the ML/TF risks related to:

• geographies of the Company’s operations;
• services/access channels the Company provides to its clients including those based on new and developing technologies;
• client relationship characteristics; and
• other relevant factors (where applicable).

The risk assessment and methodology are maintained by the Compliance Officer or delegate and are to be used by the Company during day-to-day operations to assess the level of risk that a particular business relationship or individual transaction presents. The risk assessment and methodology are maintained separately from this document. Please refer to the Company’s AML/CTF Risk-Based Approach Methodology and Assessment (the “Risk Assessment”) for more information.

The Compliance Officer or delegate is responsible for ensuring that the Risk Assessment is kept up to date and reviewed at least every two years, or when there are changes to assessed risk factors (e.g., the addition of new products or services). A record of reviews and changes is maintained by the Compliance Officer or delegate.

The Risk Assessment takes into consideration the inherent risk of business activities and client relationships. Inherent risk is the intrinsic risk of an event or circumstance that exists before the application of controls or mitigation measures. For areas that have been identified as being high-risk, controls or measures should be in place to mitigate the identified risk, including conducting enhanced ongoing monitoring and keeping client information up to date. See TranferClear’s Risk Assessment for more information.

Employee due dilligence and training

Blaxen Pay LTD aims to recruit, attract, and retain employees who are qualified, competent and ethical. Blaxen Pay LTD takes steps to ensure the Company does not hire employees with criminal records and conducts background checks on new employees at the time of hire.

In order to ensure that employees understand the Company’s reporting, client identification and record keeping obligations, Blaxen Pay LTD provides training to all staff that:

• have direct contact with the clients;
• assist in processing or monitoring client transactions;
• handle funds in any way; or
• are responsible for implementing or overseeing the compliance program,

Blaxen Pay LTD’s training program is designed to ensure that employees and those authorized to act on behalf of the Company receive compliance training as required by the Legislation. Training content is intended to ensure that employees of the Company and those authorized to act on behalf of the Company are aware of and understand:

• what ML is;
• what TF is and how that process usually works;
• customer identification and due diligence requirements;
• recordkeeping requirements;
• penalties for non-compliance;
• internal policies and procedures and job-related responsibilities.
• industry specific vulnerabilities;
• examples of how the products and services offered by the Company are vulnerable to ML/TF abuses; and
• individual legal responsibilities.

Training content is reviewed, and updated if necessary, at a minimum of every two years but may be updated more frequently as required.

The Compliance Officer or delegate ensures that training is given to all employees on an annual basis and/or when new procedures are implemented. New employees are required to complete the training within 90 days of joining the Company.

Ongoing training may be provided in the form of PowerPoint presentations, in house presentations by the Compliance Officer or delegate, departmental discussions, on-line presentations, guest speakers or written presentations. Training may be produced and/or conducted by an external agency, as appropriate. In all cases, the date, nature of the training session and names of attendees is documented and retained for audit purposes (refer to Appendix B for the training log template).

All employees are required to complete an AML/CTF quiz at the conclusion of initial and annual refresher training, as well as sign an attestation that they have completed their AML/CTF training. In order to complete training, employees are required to obtain a minimum quiz score of 80%. Re-tests are given to those employees that do not pass the test on the first attempt. Employees that fail to obtain a score of 80% or higher on their second attempt receives remedial training.

Quiz results are retained by the Compliance Officer or delegate and are available upon request.

Effectiveness review

The Legislation requires that an independent effectiveness review of the Program be conducted at a minimum of every two years. The Company may conduct the review internally or may outsource the review to an external firm. The Compliance Officer or delegate ensures that the reviewer is sufficiently qualified and possesses appropriate knowledge of ML/TF risks and controls and relevant threats and requirements.

The effectiveness review is conducted with a view to identifying areas where policies and procedures may require updating, and where lapses in compliance with respect obligations and/or the Company’s policies and procedures. The objective of the review is to find unknown gaps in the Program. Where necessary, the Compliance Officer or delegate must design an action plan to remediate any deficiencies, identifying the parties responsible for implementing the changes, and a timeline for remediation. The Compliance Officer or delegate ensures any required changes or updates to information are appropriately communicated.

During the review, a sample of client files and transactional information is selected and reviewed against Blaxen Pay LTD’s policies and procedures to ensure the standards were met. The evaluation is expected to be risk-based and provide an opinion on the quality of risk management and mitigation at Blaxen Pay LTD.

The results of the effectiveness review must be reported in writing to the board of directors or senior management no later than 30 days after the completion of the review. The report includes:

• the findings of the review (e.g. deficiencies identified, planned corrective actions, an implementation timeline, etc.);
• any updates that were made to the policies and procedures during the reporting period; and
• the status of the implementation of the updates made to the policies and procedures.

Know your client obligations

Blaxen Pay LTD acknowledges the importance of implementing appropriate know your client (“KYC”) controls and procedures in order to identify its clients, develop client profiles, and understand expected transactions in such a way as to diminish its legal, financial and reputational risk.

Furthermore, whenever engaging in activities governed by the PCMLTFA, known as “Qualifying Activities”, the Legislation imposes certain requirements such as identification, record keeping and reporting when performing prescribed transactions.

This section outlines the policies and procedures with respect to client identification, business relationships, ongoing monitoring, third-party determinations and client screening.

Information collection and initial due diligence

Blaxen Pay LTD collects the following information from prospective clients at the time of onboarding:

1. For individuals:

• Client first and last name;
• Residential address;
• Email address;
• Phone number;
• Date of birth;

2. For entities

• Registered and DBA names;
• Name in local language (if applicable);
• Registered and physical addresses;
• Email address;
• Phone number;
• Nature of business;
• Names of directors (for corporations);
• Name and address of beneficial owners;
• Name, address and date of birth for employees authorized to order transactions; and
• Name, address and date of birth of signing officers.

Further, the Company reviews the website of all entity clients to more clearly understand the nature of the client’s operations

In addition to the information described above, Blaxen Pay LTD additionally determines the purpose and intended nature (“PIN”) of the business relationship for all clients at the time of onboarding. The PIN record consists of the following details:

• Expected payees and payors and their relationship to the client;
• Expected incoming and outgoing monthly and annual volumes; and
• Expected incoming and outgoing jurisdictions.

Blaxen Pay LTD also verifies the identity of both individual and entity clients, as well as entities’ beneficial owners and directors (collectively “Principals”) prior to the completion of the onboarding process using the methods described in Section 7.3, as well as conducting watchlist screening of clients and Principals. See Section 7.6 for more information on the client screening process. Additionally, the Compliance Officer or delegate also conducts an open-source adverse media search on new clients and in the case of entities, their Principals. Records of these searches are maintained and include the following details:

• The date of the search;
• The terms that were used to conduct the search; and
• The results of the search (regardless of whether any adverse findings are identified).

At the discretion of the Compliance Officer, the Company may elect to conduct some, or all of the measures described above with respect to a client’s payor or payee.

Identification of qualifying activities

The following describes the “Qualifying Activities” and corresponding regulatory obligations triggered by those activities, based on the Company’s current business model. These include:

• Remittances or transmission transactions;
• Creation of an information record;
• Suspicious transactions and attempted suspicious transactions.

Remittance or transmission transactions

Prior to June 1, 2021, electronic funds transfer (“EFT”) means the transmission — through any electronic, magnetic or optical device, telephone instrument or computer — of instructions for the transfer of funds, other than the transfer of funds within Canada. In the case of SWIFT messages, only SWIFT MT 103 messages are included.

Amendments to the Legislation coming into force in June 2021, affect the definition of an EFT. It is Blaxen Pay LTD’s policy to use the definition in effect at the time a transaction takes place. As such, the following replaces the above definition on and after the date the change comes into effect:

EFT means the transmission – by any electronic, magnetic or optical means – of instructions for the transfer of funds, including a transmission of instructions that is initiated and finally received by the same person or entity. In the case of SWIFT messages, only SWIFT MT-103 messages and their equivalent are included.

It does not include a transmission of instructions for the transfer of funds:

• that is carried out by means of a credit or debit card or a prepaid payment product if the beneficiary has an agreement with the payment service provider that permits payment by that means for the provision of goods and services;
• that involves the beneficiary withdrawing cash from their account;
• that is carried out by means of a direct deposit or a pre-authorized debit;
• that is carried out by cheque imaging and presentment;
  that is both initiated and finally received by persons or entities that are acting to clear or settle payment obligations between themselves; or
• that is initiated or finally received by a person or entity referred to in paragraphs 5(a) to (h.1) of the Act for the purpose of internal treasury management, including the management of their financial assets and liabilities, if one of the parties to the transaction is a subsidiary of the other or if they are subsidiaries of the same corporation.

The Company ensures that the originator and beneficiary information, specifically, name, address and account number (if applicable), is included with the transfer instructions, when sending a domestic or international EFT that is:

• valued at $1,000 or more; or
• where the Company has reasonable grounds to suspect that the EFT is related to a ML/TF offence.

If the Company receives an EFT of $1,000 or more or for which the Company has reasonable grounds to suspect that the EFT is related to a ML/TF offence, that is missing the name, address and account number (if applicable) of either the originator or the beneficiary, Blaxen Pay LTD takes reasonable measures to obtain this information. In this context, reasonable measures could include contacting the institution that sent the payment instructions. Where reasonable measures are unsuccessful, Blaxen Pay LTD must employ a risk-based approach to determine whether to accept the transfer and to determine if any other follow up measures are warranted. In practice, if after taking reasonable measures, Blaxen Pay LTD is not able to obtain missing sender/beneficiary information, Blaxen Pay LTD will rejects the incoming EFT.

If Blaxen Pay LTD’s client is the originator of an EFT of $1,000 or a beneficiary of an international EFT of $1,000 or more, the Company is required to:

• verify the identity of the client requesting the transaction (for outgoing EFTs) or the client receiving the transfer (for incoming EFTs) at the time that the transaction takes place (see Section 7.3); and
• keep a record of the transaction (see Section 12)

By policy, Blaxen Pay LTD verifies the identity of their clients prior to conducting the first transaction as described in Section 7.1.

Additionally, for incoming and outgoing international EFTs of $10,000 or more, the Company is required to submit an EFT report to FINTRAC. (see Section 10.1).

Further, the Company obtains a copy of an invoice for all incoming or outgoing EFTs in order to ensure that the purpose of the transaction was well understood. At the discretion of the Compliance Officer, the Company may request additional supporting documentation for a transaction.

Creation of Records

As a policy, Blaxen Pay LTD enters into an ongoing service agreement (“OSA”) with all entity clients, prior to the client conducting their first transaction.

An OSA is an agreement between the client and Blaxen Pay LTD, under which the Company provides foreign exchange and/or fund remittance services on an ongoing basis (see Appendix C).

Upon entering into an OSA, an information record is created that contains the name, address, phone number and nature of the entity’s principal business (see Section 7.1).

When creating an information record, the Company also takes reasonable measures to determine if the entity will be conducting transactions on behalf of a third-party, as described in Section 7.4. When entering into an OSA, the Company additionally collects the following information:

• Record about those who signed the agreement– the name, address, date of birth and occupation of every individual who signed the OSA on behalf of the entity
• List of authorized employees– the name, address and the date of birth of every employee of the entity who is authorized to order transactions under the OSA.

For entities that are corporations, if, in the normal course of operations, the Company obtains a copy of the part of the official corporate records showing the provisions that relate to the power to bind the corporation regarding transactions (e.g., certificate of incumbency, articles of incorporation or the bylaws of the corporation that set out the officers duly authorized to sign on behalf of the corporation, etc.), a record of those documents is maintained. If there were changes subsequent to the articles or bylaws that relate to the power to bind the corporation regarding the transactions and these changes were applicable at the time the client information record was created, then the board resolution stating the change would be included in this type of record.

By policy, Blaxen Pay LTD verifies the identity of all entity clients prior to conducting the first transaction as described in Section 7.1

Suspicious and attempted suspicious transactions

Blaxen Pay LTD takes reasonable measures to verify the identity of individuals and entities who conduct or attempt to conduct a suspicious transaction before submitting a Suspicious Transaction Report (“STR”) to FINTRAC, including transactions that might otherwise be exempted from client identification requirements.

By policy, Blaxen Pay LTD verifies the identity of their clients prior to conducting the first transaction as described in Section 7.1

Reasonable measures in this case may include asking the individual to provide photo identification or asking the entity to provide additional verification documentation.

Blaxen Pay LTD does not have to take reasonable measures to identify the individual or confirm the existence of an entity who conducts or attempts to conduct a suspicious transaction if:

• The Company has already verified the client’s identity as described in Section 7.3 and has no doubts about the identification information; or
• Blaxen Pay LTD believes that verifying the client’s identity would inform them that the Company is submitting an STR.

If the Company is not able to verify the client’s identity, a record of the reasonable measures taken, is maintained as described in Section 12.

For more information on identifying, investigating and reporting suspicious transactions, see Section 10.2.

Client identity verification

This section outlines the policies and procedures when Blaxen Pay LTD is required to verify a client’s identity, as described in Section 7.1 and Section 7.2. In all cases, staff are responsible for ensuring individuals and entities are appropriately identified using valid and up to date information.

General exceptions to identity verification

The Company does not have to re-identify a client if it previously did so using the methods specified in the Legislation in place at the time and the relevant records were kept, so long as there are no doubts about the information used to verify the identity.

The Company does not have to verify the identity of an individual that sends an EFT of $1,000 or more if that individual is authorized to conduct the transaction under an OSA.

The Company does not have to verify the names of the directors when it confirms the existence of a corporation that is a securities dealer.

Verifying the identity of an individual – dual process method

When verifying the identity of an individual, the Company relies on the dual process method. This method involves referring to information from two reliable and independent sources. The information may be found in documents from these sources or may be information that these sources are able to provide. If the Company refers to information provided from a source, it must be valid and current. The individual does not need to be physically present at the time that their identity is ascertained.

To use the dual process method to ascertain an individual’s identity, Blaxen Pay LTD can refer to documents or information from any two of the following categories:

• Documents or information from a reliable source that contain the individual’s name and date of birth;
• Documents or information from a reliable source that contain the individual’s name and address; or
• Documents or information that contain the individual’s name and confirms that they have a deposit, credit card or other loan account with a financial entity.

The Company must refer to documents or information from two independent, reliable sources to ascertain an individual’s identity, and all the information must match the information provided by the individual. If Blaxen Pay LTD refers to a document that has an expiry date, that document must be current, and if there is no expiration date, it must be the most recent version of the document. For example, if an individual provides the Company with a credit card statement or a Canada Revenue Agency (“CRA”) notice of assessment, it needs to be the latest one received by that individual. Additionally, the account or reference number on the document cannot be redacted or truncated.

The Company cannot rely on information issued by a single source, even if it confirms an account and contains the name, address and date of birth. It is also important to note that Blaxen Pay LTD cannot use the same source for the two categories of information you use to ascertain an individual’s identity. For example, the Company can refer to a bank statement that contains the individual’s name and address from Bank A and confirm a deposit account at Bank B. It would not be acceptable, however, to view a statement from Bank A, and confirm a deposit account at Bank A. As another example, Blaxen Pay LTD cannot rely on a CRA document that contains the individual’s name and address and a different CRA document that contains the individual’s name and date of birth, because the CRA is the same source for both documents.

For examples of reliable sources of information under the dual process method, refer to FINTRAC’s Guideline “Methods to identify individuals and confirm the existence of entities”.

The Company must always rely on valid and current information or documents from independent and reliable sources.

When using the dual process method to verify the identity of a client, the Company needs to keep the following records:

• The name of the individual;
• The sources of the information;
• The type of information (e.g. credit card statement);
• The account or reference numbers that are associated with the information.

Using a Canadian Credit File for the Dual Process Method

Blaxen Pay LTD can use a Canadian credit file as one of the sources to confirm name and address, name and date of birth or name and the existence of a financial account, provided that the credit file has been in existence for at least six months. The Company would then have to obtain documentation or information from another independent and reliable source from one of the other two categories.

Using a Credit Bureau Aggregator Product for the Dual Process Method

Credit bureaus can act as aggregators of information from different sources called tradelines (for example, a mortgage at one financial institution and a cell phone with a telecommunications company would be two separate tradelines).

The Company can utilize a credit bureau aggregator product to conduct the dual source method, as long as the product contains information from two independent and reliable tradelines that verify two of the individual’s name and address, name and date of birth or name and confirmation of financial account. The Company itself cannot be one of the tradelines. When relying on a credit bureau aggregator product, the tradelines contained in the product are the sources of information, not the credit bureau.

Verifying the identity of an entity

Whenever verifying the identity of an entity, Blaxen Pay LTD collects records to support the information provided about the entity and obtains and takes reasonable measures to confirm beneficial ownership, as outlined in the following section.

The Company refers to any one of the following and compares the name, address and in the case of corporations the names of the directors, with the information provided by the client:

Corporations

• The corporation’s certificate of corporate status
• A record that has to be filed annually under provincial securities legislation
• The corporation’s published annual report signed by an independent audit firm
• A letter or a notice of assessment for the corporation from a municipal, provincial, territorial or federal government (tax forms)
• The Corporations Canada page of the Strategies website

Entities other than a corporation

• A partnership agreement
• Articles of association
• Business registration
• CRA registration evidence for NFPs,
• A letter or a notice of assessment for the corporation from a municipal, provincial, territorial or federal government (tax forms)

When verifying the identity of a not-for-profit organization (“NFP”), Blaxen Pay LTD also determines whether or not that entity is a registered charity for income tax purposes and keeps a record to that effect. To make this determination, the client could be asked directly or their charitable status can be verified by consulting the charities listing on the Canada Revenue Agency (“CRA”) web site (http://www.cra-arc.gc.ca) and downloading a copy of the Directors and Trustees Worksheet from the Registered Charity information Return. If that entity is not a registered charity, Blaxen PayLTD determines whether or not it solicits charitable financial donations from the public and keeps a record to that effect.

By policy, the provision of services to unregistered NFPs that solicit donations from the public is strictly prohibited.

The record used to verify an entity’s identity can be a paper or an electronic version. Although such information may be provided verbally, it is not acceptable to use verbal information to verify an entity’s identity.

If the record is in paper format, a copy of the record must be kept. If the record is an electronic version, it must be from a public source, and the Company must retain a record that includes the following information:

• the entity’s registration number;
• the type of record consulted; and
• the source of the electronic version of the record.

Beneficial ownership

When verifying the identity of an entity, the Company is also required to obtain information about the entity’s beneficial owners and, if obtained, take reasonable measures to confirm the accuracy of the beneficial ownership information obtained.

A beneficial owner is a ‘natural person’ that directly or indirectly owns or controls 25% or more of a corporation or an entity other than a corporation, such as a partnership, or is the known beneficiary or settlor of a trust. For entities with no ownership rights, such as a not-for-profit, control over the organization is solely used to establish beneficial ownership.

When determining an entity’s beneficial ownership structure, the Company searches through as many levels of information as necessary in order to identify persons that own at least 25% of the entity.

At a minimum, the Company obtains the following information:

Corporations

• The names of all directors of the corporation;
• The names and addresses of all individuals who directly or indirectly own or control 25% or more of the shares of the corporation, including through bearer share holdings

Entities other than corporations

• The names and addresses of all individuals who directly or indirectly own or control 25% or more of the entity.

Trust

• The names and addresses of all trustees and all known beneficiaries and settlors of the trust.

Acceptable measures to determine the beneficial ownership information could include inquiry, searching a public database or referencing documents provided by the client or obtained externally. When determining the beneficial ownership structure of an entity, Blaxen Pay LTD keeps a record of the measures taken and the information obtained.

In situations where there is no individual who owns or controls 25% or more of an entity, the Company keeps a record of the measures taken and the information obtained to reach this conclusion.

In addition to obtaining the beneficial ownership information about an entity, the Company must also take reasonable measures to confirm the accuracy of that information. Blaxen Pay LTD maintains the documents or references used to confirm the beneficial ownership structure of the client in the client’s file.

The Company primarily confirms beneficial ownership information by having the client sign a document to confirm the veracity of the information that has been provided with respect to beneficial ownership information and control structure.

For clients that are determined to be high risk as a result of having an overly complex ownership structure, Blaxen Pay LTD may ask the client to provide documentation that confirms beneficial ownership, such as:

• minute book;
• securities register;
• shareholders register;
• articles of incorporation;
• annual returns;
• certificate of corporate status;
• shareholder agreements;
• partnership agreements; or
• board of director’s minutes or records establishing
• ownership or control.

For entities that are trusts, the Company obtains a deed of trust to confirm the provided ownership and control information.

If the Company is unable to obtain or confirm the accuracy of the beneficial ownership information, the Company treats the client as high risk, and takes reasonable measures to ascertain the identity of the CEO or equivalent, using the methods to verify the identity of an individual described in Section 7.3.2. Additionally, Blaxen Pay LTD keeps reasonable measures record as described in Section 12.

Identity verification of owners and directors

When Blaxen Pay LTD verifies the identity of an entity client, the Company also verifies the identity of each Principal using the method described in Section 7.3.2.

Third-party determination

A third-party transaction relates to a person or entity who instructs another person or entity to conduct a financial transaction on their behalf. It is not about who owns or benefits from the money, or who is carrying out the transaction or activity, but rather about who gives the instructions.

For example, when a person is acting on behalf of their employer, the employer is considered to be a third party.

Blaxen Pay LTD is required to determine whether an entity is or will be acting on behalf of a third-party when creating an information record when a client enters into an OSA.

When required to make a third-party determination, Blaxen Pay LTD requires that a client states whether they are acting on behalf of a third-party and keeps a record of the client’s response. If the Company identifies a third-party relationship, a record must be retained that includes the following information:

• The name of the third-party;
• The address of the third-party;
• The relationship between the client and the third-party;
• The occupation/nature of business of the third-party
• The date of birth of the third-party (if the third-party is an individual); and
• The incorporation/registration number and jurisdiction of incorporation/registration (if the third-party is an entity.

If Blaxen Pay LTD suspects that there is a third-party, but is unable to make a third-party determination, a record should be maintained that includes the following:

• Whether the client indicated that they were acting on behalf of a third-party, and additional measures that were taken to make the determination, if any; and
• a reasonable measures record, as described in Section 12. [2]

Blaxen Pay LTD utilizes the Third-Party Determination Form in Appendix D to record details regarding third parties.

Establishing a business relationship

A business relationship is established when a client conducts two or more transactions that occur within a maximum of five years from one another for which the Legislation requires Blaxen Pay LTD to verify the client’s identity. As of June 1, 2021, a business relationship is also established with each entity client with whom Blaxen Pay LTD enters into an OSA.

When a business relationship is established, a record of the purpose and intended nature (“PIN”) of the business relationship must be added to the client profile. All business relationships are also subject to ongoing monitoring in order to:

assess and periodically reassess client risk level based on their transactions and activities;
keep client identification and PIN records up to date; and
detect any transactions that need to be reported as suspicious.
A record is also kept of the measures taken to monitor business relationships and the information obtained as a result.

As of June 1, 2021, the Company is also required to determine if an individual is a PEP or a head on an international organization (“HIO”) at the onset of a business relationship and periodically after a business relationship has been established. See Section 7.6.2 for more information about PEPs and HIOs.

A business relationship expires five years from the date that a client conducts their most recent transaction.

Purpose and intended nature record

When a business relationship commences, a record of the PIN must be recorded. This describes the nature of the business dealings with the client and provides context to the types of transactions and activities that the client conducts.

By policy, Blaxen Pay LTD creates a record of the PIN prior to a client conducting their initial transaction.

The information that Blaxen Pay LTD collects to establish the PIN is described in Section 7.1. This information is recorded in the client’s profile.

Classification and reclassification of client risk

At the onset of a business relationship, Blaxen Pay LTD conducts and documents a risk assessment of the relationship and conducts due diligence measures consistent with the Company’s Risk Assessment, to ensure that enhanced measures are put in place for high-risk relationships.

The Company assigns a risk-rating of either low or high to each client. A classification of high risk is determined by several factors including transaction type, certain patterns of transaction activity, and client specific characteristics. Clients are automatically assessed as low risk if they are not assessed as high risk. All information collected as part of the client risk assessment, including if a client is rated high risk, becomes part of the client profile.

Blaxen Pay LTD has defined certain industries as being outside of the Company’s appetite for risk and the Company is prohibited from dealing with these clients. Any exception to these prohibitions must be reviewed and approved by the Compliance Officer or delegate. Refer to the Company’s Risk Assessment for a full list of prohibited client types.

High-risk relationships are subject to enhanced measures put in place by the Compliance Officer in order to mitigate relationship-based risk. Refer to Section 7.5.3 for more information about enhanced measures.

Risk ratings are updated on an ongoing and periodic basis and are based on factors that include, but are not limited to:

• transaction activity; and
• characteristics, including PEP/HIO and sanctions status.

A reassessment of client risk may also be triggered by the following events:

• becoming aware of illegal or illicit activities; or
• submitting a report to intelligence or law enforcement agencies with respect to suspicious transactions or terrorist property.

At a minimum, the Company re-evaluates client risk according to the client information update schedule that is specified in Section 7.5.3.

Please refer to the Company’s Risk Assessment for more information on how the Company assesses client risk.

Enhanced client due diligence

Blaxen Pay LTD applies EDD measures that are designed to mitigate the specific risk posed by each high-risk client. The minimum EDD measures that is conducted for each type of high-risk client is defined in the Company’s Risk Assessment.

The Compliance Officer or delegate, however, may apply any additional measure(s) that they determine is required to sufficiently mitigate a client’s risk.

Please refer to the Company’s Risk Assessment for more details related to EDD measures.

Keeping client information up to date

For all clients classified as being in a business relationship, Blaxen Pay LTD periodically reviews the client’s information in order to ensure that the information contained in the Company’s records remains up to date. The minimum frequency with which this information is updated is based on the ML and TF risk level associated with each client.

Client information is reviewed according to the following schedule:

• High-Risk Clients – at least annually
• Low Risk Clients – at least every five years

During a client information review, the Company reviews the following client information and updates that information as required:

• Client name;
• Client address;
• Client occupation/nature of business;
• Client telephone number and email; and
• Client PEP/HIO status.

When the Company documents a client’s occupation or nature of business, Blaxen Pay LTD needs to be as descriptive as possible. See Section 12.1 for more information.

For entity clients, Blaxen Pay LTD also reviews to determine if there have been changes to the entity’s beneficial ownership structure and directors (for corporations). If Blaxen Pay LTD identifies a change to the beneficial ownership structure, the Company must confirm the accuracy of the new beneficial ownership information, as described in Section 7.3.3(a) If after taking reasonable measures, Blaxen Pay LTD is unable to confirm the accuracy of the new beneficial ownership information, the Company treats the client as high risk and takes reasonable measures to verify the identity of the CEO or equivalent, using the client identification method described in Section 7.3.2 Additionally, Blaxen Pay LTD maintains a reasonable measures record, as described in Section 12.

The PIN record is considered by the Compliance Officer or delegate during reviews of unusual transactions and during scheduled transaction reviews. If the transaction activity does not appear to be consistent with the stated PIN, the Compliance Officer or delegate contacts the client to update it.

Ongoing Monitoring Of Transactions

Blaxen Pay LTD monitors the transaction patterns and activity of clients both within and without a business relationship on a periodic to identify suspicious indicators or patterns, as well as to determine whether the transactions are consistent with the information known about the client. Monitoring is also conducted in order to determine whether a client’s current risk rating needs to be adjusted and to meet the Company’s reporting requirements as described in Section 10.

Transaction monitoring is achieved through the use of an internally developed automated rules-based monitoring system. The system generates alerts for transactions and transaction patterns that are consistent with a variety of ML/TF indicators identified in publications issued by FINTRAC and the Financial Action Task Force (“FATF”).

Alerts can be triggered by events such as:

• Client sends/receives funds to/from a high-risk jurisdiction;
• Client conducts in international EFT valued at $7,000 to $9,999.99;
• Client sends $10,000 to the same payee or receives $10,000 from the same payor within a 30 day period;
• Five or more clients send funds to the same beneficiary senders within a 30-day period;
• Five or more clients receive payments from the same originator within a 30-day period; or
• Client conducts a transaction which requires the submission of an EFT report, as described in Section 10.1.

The Compliance Officer maintains a complete list of the scenarios that are used to conduct automated transaction monitoring.

Clients’ overall risk score is impacted by their transaction activity and alerts generated during ongoing transaction monitoring.

On an annual basis, for each client that is determined to be high risk, the Compliance Officer conducts an additional manual review of all transactions conducted by the client during the previous period. The purpose of the review is to examine a larger sample of transactions and changes in behaviour or characteristics over time to identify potentially undetected suspicious activity.

A record of the ongoing transaction monitoring conducted is maintained as outlined in Section 12.

Refer to Appendix E for a sample ongoing monitoring log.

Client Screening

The following section outlines policies and procedures with respect to customer screening.

Potential Sanctions Matches

Blaxen Pay LTD does not knowingly enter into transactions with, or provide or assist transfers to, or for the benefit of, governments, entities, charities, organizations and individuals targeted by required sanctions, including, but not limited to, Canadian anti-terrorism measures and Canadian economic sanctions. To that end, the Company screens its customer database and payments records for the names of listed terrorist individuals and entities.

The full name of the client is scanned prior to the first transaction, and periodically thereafter. If the customer is an entity, in addition to the name of the entity, the Company also scans the names of the Principals.

Scans are conducted at every transaction for all names collected as part of that transaction, including counterparties and any known third parties.

At a minimum, Blaxen Pay LTD screens against the prevailing lists promulgated pursuant to the following laws:

1. Criminal Code;
2. United Nations Act;
3. Freezing the Assets of Corrupt
4. Foreign Officials Act (“FACFOA”)
5. Justice for Victims of Corrupt
6. Foreign Officials Act (“JVCFOA“); and
7. Special Economic Measures Act (“SEMA“).

In addition, screening is conducted against the prevailing versions of lists maintained by the US Treasury Department’s Office of Foreign Assets Control (“OFAC”), and includes:

1. Specially Designated Nationals (“SDN”) list; and
2. OFAC Consolidated Sanctions list.
   Blaxen Pay LTD uses an external, industry recognized software provider, which automatically scans names to identify potential matches.

To adjudicate a potential name match, common differentiators such as date of birth or country of origin are compared to determine the veracity of the match.

If the match is determined to be accurate, any client funds in the Company’s possession are held and no transactions are processed (regardless of the status of the transactions) without an evidence-based discount of the match, or written judicial, law enforcement, or ministerial direction.

Politically Exposed Persons

The Legislation seeks to control corruption by increased scrutiny of activity involving people who hold, or who have held positions of public trust, which provide influence that might be exploited for personal gain. To this end, it imposes required measures for certain categories of individuals, as well as their close associates and family members, collectively referred to in this document as “PEPs”.

A list of individuals who are considered to be a PEP is listed in Appendix F, but can be summarized into the following categories:

1. PEFP: Politically Exposed Foreign Person (those who hold, or have ever held such a position);
2. PEDP: Politically Exposed Domestic Person (those who hold, or have held such a position in the preceding five years); and
3. HIO: Head of an International Organization (those who hold or have held such a position in the preceding five years).

Blaxen Pay LTD uses an external industry recognized software provider to take reasonable measures to determine PEP status:

• prior to a client conducting their first transaction;
• within 30 days of a business relationship being established, and periodically thereafter;
• within 30 days of requesting or receiving an international EFT of $100,000 or more in a single transaction, on the individual who conducted (i.e., requested) the EFT or the individual to which the EFT is paid. No PEP determination is required when the Company is acting as an intermediary, that is when an individual requests that another entity initiate an EFT and the Company is carrying out that transaction;
• within 30 days of determining that there are indicators present that the customer may be a PEP, such as when documenting occupation, updating customer information, or as a result of a negative news search.

As a policy, Blaxen Pay LTD treats all clients that have been determined to be a PEP as high risk for the duration of their relationship with the Company.

Once the Company determines that a client is a PEP, Blaxen Pay LTD must take the following measures:

• Take reasonable measures to determine the client’s source of wealth;
• If the individual was determined to be a PEP as a result of the Company initiating an international EFT of $100,000 or more, take reasonable measures to determine the source of funds that were used for the transaction; and
• If the individual was determined to be a PEP as a result of the Company initiating or finally receiving an international EFT of $100,000 or more, a member of Senior Management must review the transaction.

These measures are taken within 30 days of the activity that triggered the requirement to make a PEP determination. As a high-risk client, the person or entity must also be subject to the Company’s EDD measures.

Once a determination is made that a client is a PEP, Blaxen Pay LTD completes the PEP Approval Form (refer to Appendix G) in order to keep a record of:

• the office or position of the PEP;
• the name of the organization or institution of the PEP;
  the source of the individual’s wealth;
• the source of the funds that were used for the transaction (if the PEP determination was made as a result of the Company initiating an international EFT of $100,000 or more)
• the date that Blaxen Pay LTD made the determination that the individual is a PEP; and
• the name of the member of senior management who reviewed the transaction and the date of the review (if the PEP determination was made as a result of the Company initiating an international EFT of $100,000 or more).

Where it is determined that an individual is a prescribed relative or close associate of a PEFP, PEDP or HIO, the Company additionally keeps a record of the relationship between the individual and the PEFP, PEDP or PEP.

In situations where the Company is unable, even after taking reasonable measures, to determine whether the client is a PEP, or to identify a PEP’s source of funds or wealth, the Company keeps a reasonable measures record, as described in Section 12.

Ministerial Directives

Under Part 1.1 of the PCMLTFA, which came into force on June 19, 2014, the Minister of Finance may:

• Issue directives that require reporting entities to apply countermeasures to transactions coming from or going to designated foreign jurisdictions or entities; and
• Recommend the introduction of regulations to restrict reporting entities from entering a financial transaction coming from or going to designated foreign jurisdictions or entities.

These authorities allow the Minister of Finance to take steps to protect Canada’s financial system from foreign jurisdictions and foreign entities that are considered to present high risks for facilitating ML/TF.

How Blaxen Pay Ltd Becomes Aware Of Ministerial Directives

While directives are issued by the Minister of Finance, FINTRAC informs reporting entities that a directive has been issued by publishing it to its website. Each directive includes an outline of countermeasures that are limited to the same activities for which reporting entities already have obligations. The countermeasures enhance or add to these obligations.

• Directives specify the date they come into force and remain in force until officially revoked, suspended or amended.
• Directives are reviewed by the Minister of Finance at least every three years from the day they take effect.

The Compliance Officer or delegate reviews the FINTRAC website periodically to ensure Blaxen Pay LTD remains aware of the ministerial directives that are in force.

Responding To Ministerial Directives

When Blaxen Pay LTD becomes aware of a ministerial directive, the Compliance Officer or delegate takes the following actions:

• Reviews the directive;
• Determines the impact of the directive from a risk-based approach perspective; and
• Where the ministerial directive impacts operations, updates the appropriate policies and procedures and ensures the implementation of the requirements (countermeasures) specified by the directive.

Ministerial Directives In Force

December 9, 2017: Democratic People’s Republic Of Korea (Dprk)

The Minister of Finance issued this directive in response to a public statement from the Financial Action Task Force (“FATF”) on November 3, 2017, in which the FATF expressed its particular and exceptional concerns about North Korea’s failure to address the significant deficiencies in its AML/CFT regime and the serious threat this poses to the integrity of the international financial system.

This ministerial directive requires that all transactions to and from North Korea be treated as high-risk, regardless of the amounts of the transactions.

In addition to treating transactions to and from North Korea as high-risk, Blaxen Pay LTD has determined that conducting transactions (money transfers) to and from North Korea is outside of its acceptable level of risk tolerance and is therefore restricted.

July 25, 2020: Islamic Republic Of Iran

The Minister of Finance issued this directive in response to a public statement issued by the FATF in February 2020, in which the FATF expressed its particular and exceptional concerns regarding Iran’s failure to address the significant deficiencies in its AML/CTF regime and the serious threat this poses to the integrity of the international financial system. This directive requires that Reporting Entities:

• treat every financial transaction originating from or bound for Iran, regardless of its amount, as a high-risk transaction;
• verify the identity of any client (person or entity) requesting or benefiting from such a transaction;
• exercise customer due diligence, including ascertaining the source of funds in any such transaction, the purpose of the transaction and, where appropriate, the beneficial ownership or control of any entity requesting or benefiting from the transaction;
• keep and retain a record of any such transaction; and
• report all such transactions to the Centre.

As Blaxen Pay LTD has determined that the transfer of funds to/from Iran is outside of the Company’s tolerance for risk, Blaxen Pay LTD has prohibited the receipt of payment or settlement of transaction in Iranian Rial, in addition to sending or receiving payments to or from Iran. Consequently, this directive is not deemed to have an affect on the Company’s operations.

Law Enforcement Inquiries And Requests

Any requests from law enforcement to Blaxen Pay LTD are treated in a confidential manner and forwarded to the Compliance Officer or delegate for review and appropriate response which includes cooperation with all judicially authorized formal information requests and orders. Upon receipt of any formal requests from law enforcement the Compliance Officer or delegate must provide all relevant information in a timely manner. Additionally, the Compliance Officer or delegate maintains a log of such requests including the information provided.

A law enforcement request triggers a reassessment of client risk. Depending on the outcome of that reassessment, Blaxen Pay LTD may elevate the risk profile of the client, monitor the client’s transaction activity and behaviour, and/or file an STR with FINTRAC, if warranted. In the event that the risk to maintain a business relationship is found to be outside of the entity’s risk tolerance, Blaxen Pay LTD should consider divesting from the relationship.

The Compliance Officer or delegate must notify management of the receipt of such an inquiry or request. Law enforcement inquiries and requests can include but are not limited to production orders and tax authority requests.

Reportable Transactions

As a Reporting Entity, Blaxen Pay LTD has obligations to report certain transactions to FINTRAC and other agencies when necessary.

Reporting to FINTRAC should always be completed by the Compliance Officer or a person that has been trained to submit reports in the Compliance Officer’s absence.

All reports have specific timelines in which they must be submitted to FINTRAC. Blaxen Pay LTD employees must submit information relating to a reportable transaction to the Compliance Officer or delegate on the same day that the incident or transaction took place.

The Compliance Officer or delegate reports all prescribed transactions within the required timeframes defined below:

1. Electronic Fund Transfer Report (“EFTR”): Is submitted five (5) working days from the transaction date to FINTRAC, Electronically via Web Reporting.
2. Suspicious Transaction Report (“STR”): Is submitted as soon as practicable from the date that a fact is discovered that causes the Company to have reasonable grounds to suspect that the activity could be related to ML/TF to FINTRAC, Electronically via Web Reporting.
3. Terrorist Property Report (“TPR”): is submitted Immediately to FINTRAC, RCMP, CSIS, On paper (via fax).

Electronic Fund Transfers

An EFTR is sent to FINTRAC electronically under the following circumstances:

• Blaxen Pay LTD sends or receives an international EFT of $10,000 CAD or more or the equivalent value in a foreign currency in cash in a single transaction; OR
• Blaxen Pay LTD sends or receives multiple international EFTs of less than $10,000 CAD that were conducted by or on behalf of the same individual or entity within a 24-hour period that together total to $10,000 or more or the equivalent value in a foreign currency.

Starting in March 2024, Blaxen Pay LTD is required to report ALL international EFTs that are either originated by or on behalf of the same individual or are received by the same individual or entity within a 24-hour period totalling $10,000 CAD or more or the equivalent value in a foreign currency. These reports are required regardless of whether they have provided (in the case of an outgoing) or received (in the case of an incoming) the information about the sender to or from another Canadian financial institution.

EFT Reporting Timeframe

EFT reports must be submitted within five business days from the date that the transfer instructions were sent for outgoing EFTs (“EFTO”) or the date the transfer instructions were received for incoming EFTs (“EFTI”).

Identification And Reporting Of EFTS

The Company relies on a third-party transaction monitoring system that monitors transactional activity and generates alerts for EFT transactions that need to be reported to FINTRAC. On a daily basis, the Compliance Officer or delegate reviews the alerts and logs in to the FINTRAC Web Reporting system and completes the online form to submit the report. Refer to the FINTRAC website for details on the information that needs to be included in an EFT report.

Suspicious Transactions And Attempted Suspicious Transactions

STRs are submitted to FINTRAC where there are reasonable grounds to suspect that an activity is related to ML/TF. These reports must be submitted regardless of whether the transaction or activity is completed.

STRs play an important role in assisting law enforcement to combat crime as they identify potential criminal and illicit activity.

A transaction is suspicious if, based on the information available to Blaxen Pay LTD, there are reasonable grounds to suspect that a client is not who they claim to be, or a transaction is involved in some way with the proceeds of crime or terrorist financing.

Reaching reasonable grounds to suspect means that the Company has considered all the facts, context and ML/TF indicators related to a financial transaction and, after having reviewed this information, they concluded that there are reasonable grounds to suspect that a particular financial transaction is related to ML/TF.

Refer to FINTRAC guidance for more information about determining suspicion.

Appendix H includes a list of factors that could indicate that a transaction is suspicious.

STR Reporting Timeframe

Blaxen Pay LTD must report attempted and completed suspicious transactions to FINTRAC as soon as is practicable after measures are taken to establish reasonable grounds to suspect that the activity could be related to ML/TF.

The date that the Compliance Officer or delegate completed their investigation is used to document the date that they determined reasonable grounds for suspicion.

Tipping Off

If suspicion has arisen regarding a client’s identity or the legitimacy of a transaction, Blaxen Pay LTD staff must not disclose information about the matter to anyone other than the Compliance Officer or delegate. Informing anyone else about a suspicion is a breach of the law.

Identification Of Potentially Suspicious Transactions

Blaxen Pay LTD identifies potentially suspicious client activity through client discussions with staff, transaction monitoring, as well as through communication with law enforcement.

Staff Interaction

If through written or verbal communication with a client, any staff suspects that the client’s transactions may be related to a ML/TF offence, the staff must report it to the Compliance Officer or delegate by completing and submitting an unusual transaction report (“UTR”), prior to the end of the current working day. The Compliance Officer or delegate maintains a record of all unusual activity that is reported by staff. See Appendix I for a sample of the Company’s UTR form.

Ongoing Monitoring

Blaxen Pay LTD has a process for reviewing client transactions to identify potentially suspicious activity. Regardless of whether a client is in a business relationship, all transactions are reviewed against the transaction monitoring scenarios that are described in Section 7.5.4.

Communication With Law Enforcement

Upon receiving a request from law enforcement, the Compliance Officer or delegate reviews the client’s transaction history for the previous two years to determine if there are reasonable grounds to suspect that the customer may have conducted or attempted to conduct transactions that are involved in a ML/TF offence.

How To File A Suspicious Transaction Report

Once it is determined that there are reasonable grounds to suspect that a transaction or attempted transaction is related to the commission or attempted commission of an ML/TF offence, an STR must be sent to FINTRAC electronically through the FINTRAC web reporting system.

Filing an STR to FINTRAC does not prevent reporting suspicions of ML/TF directly to law enforcement and FINTRAC encourages establishing and maintaining relationships with law enforcement.

Post-reporting Obligations

Once an STR has been filed, the Company has the following post-reporting obligations:

• Keep Reporting– the Company must continue to report subsequent transaction activity conducted by the client that exhibits the same ML/TF indicators;
• Reassess Risk– the Company must reassess the client’s risk, taking into consideration the filed suspicious transaction report;
• Review Historical Activity– Blaxen Pay LTD must review previous transactions conducted by the client and submit an STR if those transactions have the same suspicious indicators; and
• Update Program Documentation (Risk Assessment, Policies and Procedures)– the Company must update listing of ML/TF indicators to include those resulting from the assessment and subsequent filing of suspicious transactions, if not previously considered or documented.

Terrorist Property Reports

TPRs are submitted to FINTRAC if the Company knows that they may be in possession of funds or property that belong to a terrorist (either an individual or an organization) or believes that they are in possession of funds that belong to a listed person.

In this context, property means any type of real or personal property. This includes any deed or instrument giving title or right to property or giving right to money or goods. For example, cash, bank accounts, insurance policies, money orders, real estate, securities, precious metals and stones, and traveler’s cheques, among other types of assets, are considered property.

A terrorist or a terrorist group includes anyone that has, as one of their purposes or activities, facilitating or carrying out any terrorist activity. A terrorist group includes anyone on a list published in Regulations Establishing a List of Entities issued under the Criminal Code or any individual or entity included on any other list of known terrorists or terrorist groups.

A listed person means anyone on a list published in the of the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism issued under the United Nations Act.

A terrorist, terrorist group or listed person can be an individual, a corporation, a group, a trust, a partnership, or a fund. It can also be an unincorporated association or organization.

If it is known that a transaction is related to property owned or controlled by or on behalf of a terrorist or a terrorist group or believed that the property is owned or controlled by or on behalf of a listed individual, the transaction must not be completed. This property must be frozen as per the Criminal Code and the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism.

If it is believed or suspected that a transaction is related to property or controlled by an individual or entity included on any list besides the Criminal Code or the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism, the Company submits an STR, as described in Section 10.2 and inform relevant law enforcement.

If a transaction is suspected of being related to TF, whether completed or attempted, an STR must be submitted to FINTRAC, as described in Section 10.2.

TPR Submission And Timeframe

Unlike other types of reports which are submitted to FINTRAC electronically, TPRs must be submitted via a paper form.

The Compliance Officer or delegate shall complete the form using black ink and all capital letters. Completed reports can be submitted to FINTRAC via fax at 1-866-226-2346 or by registered mail at:

Financial Transactions and Reports Analysis Centre of Canada

Section A

243 Laurier Avenue West, 24th Floor

Ottawa, ON

K1P 1H7

Refer to the FINTRAC website for details on the information that should be included in a TPR.

TPRs must be submitted to FINTRAC without delay.

Upon submitting a TPR to FINTRAC, Blaxen Pay LTD immediately notifies the CSIS Terrorist Financing Unit by fax at 613-369 2303, as well as the RCMP at 613-825-7030.

Voluntary Self-declaration Of Non-compliance

FINTRAC recognizes that Reporting Entities may come across instances where they have not met all of the requirements of the Legislation. These shortfalls may be in relation to reporting, client identification, record keeping, or effectively implementing an area of their compliance program.

Unreported transactions still have intelligence value to FINTRAC and need to be reported; while other shortfalls need to be addressed without delay. The ultimate goal of FINTRAC’s regulatory regime is to enhance compliance, not to impose penalties. Therefore, FINTRAC strongly encourage reporting entities to voluntarily declare their non-compliance in order to resolve the issues they identify.

Vsdonc Reporting Timeframe

VSDONC reports are voluntary. However, if Blaxen Pay LTD identifies a significant situation of non-compliance, they should submit a report to FINTRAC without delay.

Identifying Non-compliance

Blaxen Pay LTD can identify incidents of non-compliance when conducting a biennial effectiveness review, reviewing the Risk Assessment or through quality control activities.

A situation of non-compliance is a violation or series of minor violations of the PCMLTFA in relation to reporting, client identification, record keeping, or effectively implementing an area of the compliance program.

The PCMLTFA Administrative Monetary Penalties Regulations provide guidance on the severity of violations and has been adopted by Blaxen Pay LTD in order to determine a “significant” situation of non-compliance, which is defined as:

• 50 or more minor violations; or
• one or more serious or very serious violations.

Vsdonc Submission

If Blaxen Pay LTD submits a VSDONC to FINTRAC, the Company includes the following information:

• The name and the contact details of the individual submitting the VSDONC;
• For reporting issues, the number of reports impacted, the type of reports and the time period during which the issues occurred, as well as the reason why the reports were not submitted, were late, or incorrect and other related details;
• For other issues, the period of time during which the issues occurred, the reason for their occurrence; and
• A plan to resolve the issues and submit all outstanding (or incorrect/incomplete) reports, including measures and timelines for corrective action.

When sending a VSDONC, Blaxen Pay LTD only provides FINTRAC with the required information. The Company does not provide any personal or protected information related to their employees or clients, unless otherwise requested by FINTRAC to do so.

Blaxen Pay LTD submits VSDONCs to FINTRAC via email at VSDONC.ADVNC@fintrac-canafe.gc.ca.

Limitations Of Vsdonc Submissions

Blaxen Pay LTD cannot submit a VSDONC once the Company has been notified of an upcoming examination from FINTRAC or in relation to an issue that has been reported in a prior VSDONC.

Vsdonc Recordkeeping

Blaxen Pay LTD keeps the following records related to VSDONCs that the Company has submitted:

• Emails sent to or received from FINTRAC;
• All documentation related to the incident of non-compliance; and
• The resolution plan and corrective actions taken.

Record Keeping

Blaxen Pay LTD is required to have procedures in place for keeping paper and electronic records of pertinent information about their transactions. In support of that requirement, Blaxen Pay LTD keeps all associated records in accordance with the timeframes detailed in the chart below and can be easily retrieved which is in compliance with relevant Legislation.

AML Program Details

1.All AML and CTF program documents, including policies, procedures and Risk Assessment, as well as all changes to AML and CTF policies and procedures;

2.Compliance effectiveness review reports, including a record of Senior Management sign-off of the final report;

3.A record of the content, date and completion/attendance of any AML or CTF related training sessions, including internal staff training sessions; and

4.All FINTRAC correspondence.

Client Information

1.All client identification records;

2.All PEP determination and related records;

3.All business relationship risk assessment documentation;

4.All records of EDD for higher risk clients;

5.Records of the PIN for business relationships;

6.Records of the measures taken to monitor business relationships and the information obtained as a result of monitoring; and

7.Records of all OSAs.

Internal Memos

An internal memorandum means any memo, note, message or similar communication that is created or received, in the normal course of business, about services provided to clients.

Third Party Determination

1.All records of third-party determinations that have been made; and

2.All records of Identified third party relationships

Suspected Third-Party (Unconfirmed)

If Blaxen Pay LTD suspects that there is a third-party, but is unable to make a determination, the employee will record:

1.the reasonable measures that were taken to make the determination;

2.the reason that the measures were unsuccessful;

3.the date that the measures were taken;

4.whether the client indicated that they were acting on behalf of a third-party; and

5.why we suspect that the client is acting on behalf of a third-party. For example, In the case of a client information record, whether, according to the client, the transaction is being conducted on behalf of a third-party.

Records of sending transfers of $1,000 or more

If Blaxen Pay LTD sends an international EFT of $1,000 or more that was initiated by another person or entity, a record of:

1.the date on which the electronic funds transfer is sent,

2.if they exchange fiat currencies in the course of sending the electronic funds transfer, the type and amount of each fiat currency that is involved in the exchange.

3.the exchange rates used and their source;

4.the number of every account that is affected by the sending, the type of account and the name of each account holder;

5.every reference number that is connected to the sending and has a function equivalent to that of an account number;

6.the name and address of the person or entity that requested the initiation of the electronic funds transfer, unless that information was not, despite the taking of reasonable measures, included with the transfer and is not otherwise known; and

7.the name and address of each beneficiary, unless that information was not, despite the taking of reasonable measures, included with the transfer and is not otherwise known.

Records of receiving international transfers of $1,000 or more

If Blaxen Pay LTD is the final recipient of an international electronic funds transfer of $1 ,000 or more, a record of:

1.the date on which the electronic funds transfer is finally received,

2.the type and amount of each type of funds that is involved in the final receipt,

3.the name, address and telephone number of each beneficiary, the nature of their principal business or their occupation and, in the case of a person,

4.their date of birth,

5.the date of the remittance,

6.the exchange rates used for the remittance and their source,

7.if the remittance is in funds, the type and amount of each type of funds involved,

8.if the remittance is not in funds, the type of remittance and its value, if different from the amount of funds finally received,

9.the number of every account that is affected by the final receipt or the remittance, the type of account and the name of each account holder,

10.every reference number that is connected to the electronic funds transfer and has a function equivalent to that of an account number,

11.the name and address of the person or entity that requested the initiation of the electronic funds transfer, unless that information was not, despite the taking of reasonable measures, included with the transfer and is not otherwise known; and

12.the number of every account that is affected by the electronic funds transfer, other than those referred to in subparagraph 9.

Unusual Transactions

A record of:

1.whether the transaction was reported to FINTRAC;

2.the Compliance Officer or delegate’s investigation process; and

3.a rationale describing why the transaction or attempted transaction was or was not reported to FINTRAC.

Suspicious transaction report records

Blaxen Pay LTD retains a copy of all STRs submitted to FINTRAC.

Terrorist Property Reports

Blaxen Pay LTD maintains a copy of all TPRs submitted to FINTRAC, the RCMP and CSIS along with the date of submission.

EFT Reports

Blaxen Pay LTD retains a copy of all EFT reports submitted to FINTRAC.

Situations of non-compliance

When Blaxen Pay LTD identifies a situation of non-compliance, the Company keeps a record of the following:

1.The VSDONC that was submitted to FINTRAC;

2.Any emails sent to or received from FINTRAC with respect to the non-compliance;

3.All supporting documentation related to the issue; and

4.The resolution plan and corrective actions taken.

Reasonable Measures

All records of “reasonable measures” that are taken as described within the Policy document, and the details pertaining to those attempts.

Specifically, when “reasonable measures” are unsuccessful, the Company must record the following information:

1.The measures taken;

2.The date on which each measure was taken; and

3.The reasons why the measures were unsuccessful.

*All the above must be kept for period of five (5) years after the report/training/ correspondence date in the head Office, electronically.

FINTRAC requires that records be stored in a manner that permits their retrieval and submission to FINTRAC within 30-days.

The records and must also be maintained in such a manner so as to allow auditing.

Recording Client Occupation And Nature Of Principal Business

When Blaxen Pay LTD records a client’s occupation or nature of principal business, the Company needs to be as descriptive as possible. In addition to documenting the customer’s job title, the Company must be sure to obtain details regarding the specific type of work and industry in which the individual or entity works.

As a rule of thumb, Blaxen Pay LTD must attempt to document the occupation so that another person who reads the customer record has an understanding of what the customer does for a living.

Pep And Hio Definitions

A PEP or HIO is a person entrusted with a prominent position that typically comes with the opportunity to influence decisions and the ability to control resources. The influence and control that a PEP or HIO has can make them vulnerable to corruption.

Foreign PEP

A foreign PEP is a person who holds or has held one (1) of the following offices or positions in or on behalf of a foreign state:

1. Head of state or head of government;
2. Member of the executive council of government or member of a legislature;
3. Deputy minister or equivalent rank;
4. Ambassador, or attaché or counsellor of an ambassador;
5. Military officer with a rank of general or above;
6. President of a state-owned company or a state-owned bank;
7. Head of a government agency;
8. Judge of a supreme court, constitutional court or other court of last resort; or
9. Leader or president of a political party represented in a legislature.
   A foreign PEP is considered high-risk in all cases

Domestic PEP

A domestic PEP is a person who holds — or has held within the last five (5) years — a specific office or position in or on behalf of the Canadian federal government, a Canadian provincial government, or a Canadian municipal government:

1. Governor General, lieutenant governor or head of government;
2. Member of the Senate or House of Commons or member of a legislature;
3. Deputy minister or equivalent rank;
4. Ambassador, or attaché or counsellor of an ambassador;
5. Military officer with a rank of general or above;
6. President of a corporation that is wholly owned directly by Her
7. Majesty in right of Canada or a province;
8. Head of a government agency;
   Judge of an appellate court in a province, the Federal Court of Appeal or the Supreme Court of Canada;
9. Leader or president of a political party represented in a legislature; or
10. A PEP is considered high-risk in all cases.

Head of an International Organization (HIO)

An HIO is either:

1. The head of an international organization established by the governments of states; or
2. The head of an institution established by an international organization.

In making its determination the Company takes into consideration that the head of an international organization is the primary person who leads that organization, for example a president or CEO, or an international organization is an organization set up by the governments of more than one country.

A HIO is considered high-risk in all cases.

Family Members of PEP and HIO

In determining the PEP status of its clients, the Company takes into consideration whether the client is a family member of a PEP or HIO.

The following individuals are recognized as PEP or HIO by virtue of their family relationship:

1. The spouse or common-law partner of a PEP or HIO;
2. The child of a PEP or HIO;
3. The mother or father of a PEP or HIO;
4. The mother or father of a spouse or common-law partner of a PEP or HIO; or
5. The sibling of a PEP or HIO
   A family member of a PEP is considered high-risk in all cases.

Close Associates of a PEP And HIO

In determining the PEP status of its clients, the Company takes into consideration if the client is a close associate of a foreign PEP, domestic PEP or HIO.

The term “close associate” is not intended to capture every person who has been associated with the PEP or HIO. At a minimum, the Company determines the following persons to be close associates.

1. In a romantic relationship with a PEP or HIO, such as a boyfriend, girlfriend, or mistress;
2. Involved in financial transactions with a PEP or a HIO;
3. Business partners with, or who beneficially owns or controls a business with, a PEP or HIO;
4. A prominent member of the same political party or union as a PEP or HIO;
5. Serving as a member of the same board as a PEP or HIO; or
6. Closely carrying out charitable works with a PEP or HIO.

Should the Company identify a client’s relationship with a PEP or HIO that is not included in this relationship list, the Compliance Officer or delegate determines whether they fit the definition of a close associate based on whether there is an apparent business or financial connection between the parties.

A close associate of a PEP or HIO is considered high-risk in all cases.