KYC & AML Policy
1. Purpose and Scope
This Know Your Customer (KYC) and Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) Policy applies to all services provided by eu2you and engaged providers acting on behalf of eu2you (collectively, the «Operators»). The Policy applies to all clients, transactions, and service channels.
2. Principles
- Risk-Based Approach (RBA): Measures are proportionate to the risk profile of the client, transaction, jurisdiction, and products.
- Ongoing Monitoring: Controls operate throughout the client lifecycle—from onboarding to continuous transaction monitoring.
- Transparency & Privacy: Personal data is processed in accordance with law and the Privacy Policy.
3. Identification and Verification (KYC)
3.1. Mandatory Identification
Services are available only after successful KYC. The Operators may decline service until verification is completed.
3.2. Documents (public list)
To complete identification, the Client provides: a passport; national ID card; residence permit; driver’s license; where necessary, proof of address (utility bill/bank statement ≤6 months); and up-to-date contact details. Liveness checks, biometric face-matching, and document authenticity checks are conducted. Additional information may be requested based on risk.
3.3. Enhanced Due Diligence (EDD) — public statement
EDD is conducted in higher-risk cases and may involve additional information and evidence relevant to the lawful origin of assets and the purpose of transactions. Where reasonable assurance is lacking, service may be refused and/or the relationship terminated.
4. Screening and Registry Checks
All clients and transactions are screened against relevant sources: sanctions lists and restrictive measures, PEPs and related parties, high-risk jurisdictions/export controls, adverse media, commercial databases, and other registers required by law. Matches/risks trigger manual review and, where appropriate, refusal/blocking.
5. Transaction Monitoring
Ongoing monitoring analyzes anomalies and risk patterns (including blockchain analytics for risky addresses, mixers, darknet services). Suspicious activity may be paused/blocked, additional information requested, and competent authorities notified.
6. Travel Rule
For transfers of EUR 1,000 (equivalent) and above, originator/beneficiary information is collected/transmitted as required by law and technical compatibility. For self-hosted addresses, proof of address/wallet control may be required.
7. Refusal, Suspension, and Freezing
Operators may refuse/terminate service where KYC/AML requirements are not met or risk is elevated. Assets/operations may be frozen for up to 30 business days, extendable to 90 business days to complete review/investigation. Notifications are provided within a reasonable time unless prohibited by law or by an authority’s request.
8. Client Obligations
The Client must provide accurate and up-to-date data and documents, update them timely, follow interface requirements, and comply with Exchange Rules and lists of prohibited jurisdictions/services.
9. Data Sharing
On a lawful basis (including contract performance, AML control, fraud prevention, and security), KYC/AML data may be used by Operators on a need-to-know basis and shared with third parties strictly to the extent necessary, in accordance with the Privacy Policy.
10. Record-Keeping
KYC files, screening/monitoring results, and transaction records are retained for at least 6 years after the relationship ends, or longer if required by law/investigation. Appropriate technical and organizational measures are applied.
11. Training and Internal Control (public statement)
Operators provide regular training to staff on KYC/AML and sanctions compliance and conduct internal effectiveness controls. Detailed procedures are set out in internal documentation.
12. Regulatory Interactions
Operators fulfill statutory reporting obligations regarding suspicious activity and respond to competent authority requests in accordance with applicable law.
13. Policy Updates
This Policy is reviewed and updated as laws, regulatory practice, and risk profiles evolve. The current version is published on the website.