Make sure you read Astral's Anti-Money Laundering (AML) and Combating the Financing of
Terrorism (CFT) Policies carefully.
Astral's AML/CFT Policies and Procedures
This document outlines Astral's Anti-Money Laundering and Combating the Financing of
Terrorism (AML/CFT) policies and procedures. This document is intended for general
informational purposes only and is not legally binding on Astral and/or any other person
(natural or otherwise).
A. Principles and Methods of Astral AML/CFT Measures
Astral is committed to supporting AML/CFT efforts. In principle, we are committed to:
● Conducting due diligence when dealing with our customers and natural persons appointed to
act on behalf of our customers.
● Conducting business in accordance with high ethical standards and, to the greatest extent
possible, preventing the establishment of any business relationship that is related to or could
contribute to money laundering or terrorism financing.
● Assisting and cooperating with the relevant legal authorities, to the fullest extent possible, in
order to prevent the threat of money laundering and terrorism financing.
B. Astral's Risk Assessment and Risk Mitigation Methodology
Risk Assessment
We anticipate that the majority of our customers will be retail customers. As of the date of this
policy, we are operating primarily in the Republic of Seychelles.
In this regard, we shall:
a. Record and/or collect documentation on the following:
1) The identity of our customers.2) The country or jurisdiction from or in which our customers are located.
b. Ensure, to the best of our knowledge, skills, and abilities, that our customers, connected
persons of our customers, natural persons appointed to act on behalf of our customers, and
beneficial owners of our customers are assessed and screened with the assistance of lists of
designated individuals and entities for (but not limited to):
● Democratic People's Republic of Korea
● Democratic Republic of the Congo
● Iran
● Libya
● Somalia
● South Sudan
● Sudan
● Yemen
● UN Al Qaida (1267/1989) sanctions list
● UN Taliban (1988) sanctions list
● Persons identified in Schedule 1 of the Terrorism (Suppression of Financing) Act, Chapter 325.
Risk Mitigation
When identified, we shall not deal with anyone on the list of designated individuals and entities.
C. New Products, Practices, and Technical Methodology
We shall provide appropriate notice on the identification and assessment of money laundering
and terrorist financing risks that may arise in the following areas:
● Development of new products and business practices, including new delivery mechanisms.
● Use of new or developing technologies for new and existing products
We shall pay particular attention to any new products and new business practices that facilitate
anonymity, including new delivery mechanisms and new or developing technologies, such as
digital passes that facilitate anonymity (whether securities, payments, and/or utility tokens).
D. Approach to Customer Due Diligence (CDD)
We do not open, maintain, or accept anonymous or pseudonymous accounts.
We shall not enter into a business relationship with or executive trades for customers when we
have reasonable grounds to suspect that their assets or funds are the proceeds of drug dealingor other criminal behavior. We shall file an STR for such transactions and provide a copy to the
relevant FIU.
We shall perform customer due diligence in the following situations:
● When we enter into a business relationship with any customer.
● When we execute transactions for any customer with whom we do not have an established
business relationship.
● When we receive cryptocurrency transfers for customers with whom we do not have a
business relationship.
● When we suspect money laundering or terrorism financing.
● When we doubt the truth or adequacy of any information.
When we suspect that two or more transactions are or may be related or connected or that an
otherwise single transaction has been intentionally reorganized into smaller transactions in
order to evade Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT)
measures, we shall treat the transaction as a single transaction and aggregate its value in order
to comply with the AML/CFT principles.
Customer Verification
We shall verify the identity of all of our customers.
In order to verify our customers, we need to know at least:
● Their full names, including any aliases.
● Their unique identification number (e.g., identity card number, birth certificate number, or
passport number or, where the customer is not a natural person, their business registration
number); or
● Their registered address, or their registered business address (if applicable), or their principal
place of business if the registered and business addresses are different; and
● Their date of birth, establishment, or registration; and
● Their nationality or place of registration.
If the customer is a legal person, we shall, in addition to obtaining the relevant information
outlined above, identify their legal entity type, their statutes, and the powers that regulate and
bind them as a legal person. We shall also identify their related parties (e.g., directors, partners,
and/or persons with executive powers) by obtaining, at a minimum, the following information
for each:
● Their unique identification number, such as an identity card number, birth certificate number,
or passport number.Customer Identity Verification
We shall use reliable and independent data, documents, or information to verify the identity of
our customers. If our customer is a legal person or legal arrangement, we shall use reliable and
independent data, documents, or information to verify their legal entity type, proof of existence,
statutes, and the powers that regulate and bind them.
Customer Representative Identity Verification
a. Customer Representatives
If a customer appoints one or more natural persons to represent them in their business
relationship with us, or if the customer is not a natural person, we shall:
● Identify each natural person acting on behalf of the customer or appointed to act on behalf of
the customer by obtaining the following information:
● Their full names.
● Their unique identification number.
● Their residential address.
● Their date of birth.
● Their nationality.
● Data and documents from reliable and independent sources that can be used to verify the
identity of such natural persons.
We shall also verify the proper authority of each natural person designated to act on behalf of
our customer by obtaining the following information:
● Appropriate written evidence authorizing the appointment of such natural persons as our
customer's representatives.
● The specimen signature of each natural person.
If the customer claims to be a government entity, we shall obtain only such information as may
be necessary to confirm the customer's claimed identity.
Identification and Verification of Beneficial Owners
We shall inquire the existence of any beneficial owners associated with the customer.
If the customer has one or more beneficial owners, we shall identify the beneficial owner(s) and
take reasonable steps to verify the identity of the beneficial owner(s) using relevant information
or data obtained from reliable and independent sources.
If the customer is a legal person, we shall:
● Identify the natural persons (whether acting independently or in concert) with ultimate
ownership over the legal person.
● If there is doubt as to whether the natural persons with ultimate ownership over the legal
person are the beneficial owners, or if no natural persons have ultimate ownership over the
legal person, determine the natural persons with ultimate beneficial ownership over the legal
person; and
● If no such natural person is identified, identify a natural person with enforcement rights over
the legal person.
If the customer is a legal arrangement, we shall:
● In the case of a trust, identify the settlor, trustee, protector (if applicable), beneficiaries, any
natural person exercising ultimate ownership, ultimate control, or ultimate effective control
over the trust; and
● For other types of legal arrangements, identify those in equivalent positions.
If the customer is not a natural person, we shall determine the nature, ownership, and control
structure of the customer's business.
We are required to verify the identity of the beneficial owners of the following customers:
● Entities listed on stock exchanges.
● Entities listed on stock exchanges subject to regulatory disclosure requirements and full
transparency requirements in relation to their beneficial owners.
● Financial institutions.
● Financial institutions supervised for compliance with the AML/CFT requirements outlined by
the FATF; or
● Investment vehicles where the manager is a financial institution or is subject to the AML/CFT
requirements outlined by the FATF.
The above shall apply unless we doubt the veracity of the CDD information or suspect that our
customers have engaged in business relationships or transactions related to money laundering
or terrorism financing.
We shall also document the basis for our determination.
Information on the Purpose and Intended Nature of Business Relations and Transactions
Executed Without the Opening of an Account*
When processing applications to enter into a business relationship or executive an undisclosed
transaction, we are required to be aware of and, where appropriate, obtain information from the
customer about the purpose and intended nature of the business relationship or transaction.
Review of Transactions Executed Without the Opening of an Account*
If we execute one or more transactions for a customer without opening an account (the "current
transaction"), we shall review the previous transactions carried out by that customer to ensurethat the current transaction is consistent with our knowledge of the customer, their business
and risk profile, and the source of their funds.
When we enter into a business relationship with a customer, the payment service provider shall
review all transactions prior to entering into the business relationship to ensure that the
business relationship is consistent with our knowledge of the customer, their business and risk
profile, and the source of their funds.
Particular attention shall be paid to all complex, unusually large, or unusual patterns for
transactions executed without opening an account and that have no apparent economic
purpose. We shall investigate, to the greatest extent possible, the background and purpose of
the aforementioned transactions and record our findings in order to provide such information to
the relevant authorities as and when required.
To scrutinize transactions executed without opening an account, we shall establish and
implement appropriate systems and processes commensurate with the size and complexity of
the payment service provider to:
● Monitor transactions executed without opening an account.
● Detect and report suspicious, complex, unusually large, or unusual patterns for transactions
executed without opening an account.
Where there are reasonable grounds to suspect that a transaction executed without opening an
account is related to money laundering or terrorism financing, and if we consider it appropriate
to execute the transaction, the payment service provider shall substantiate and document the
reasons for executing the transaction.
Continuous Monitoring
We shall monitor business relations with our customers on an ongoing basis. We shall monitor
the operation of customers' accounts and review their transactions throughout the course of our
business relationship to ensure that they are consistent with our knowledge of the customer,
their business and risk profile, and the source of their funds.
We shall implement our risk prevention measures if the transaction involves the transfer or
receipt of crypto to/from the following entities:
● Financial institutions.
● Financial institutions supervised for compliance with the AML/CFT requirements outlined by
the FATF.
During the course of our business relationship, we shall pay particular attention to all complex,
unusually large, or unusual patterns for transactions executed with no apparent economic
purpose. We shall investigate, to the greatest extent possible, the background and purpose of
the aforementioned transactions and record our findings in order to provide such information to
the relevant authorities as and when required.
For the purpose of ongoing monitoring, we shall establish and implement appropriate systems and processes commensurate with the size and complexity of the payment service provider to:
● Monitor business relations with our customers.
● Detect and report suspicious, complex, unusually large, or unusual patterns for transactions
executed throughout the course of the business relationship.
We shall ensure that the CDD data, documents, and information obtained with respect to our
customers, natural persons appointed to act on behalf of our customers, and the related parties
and beneficial owners of our customers are relevant and up-to-date by reviewing existing CDD
data, documents, and information, particularly with respect to high-risk customers.
If there are any reasonable grounds to suspect that an existing business relationship with a
customer is linked to money laundering or terrorism financing and we believe it is appropriate
to retain the customer:
● We shall substantiate and document the reasons for retaining the customer.
● We shall subject the customer's business relationship with us to appropriate risk mitigation
measures, including enhanced ongoing monitoring.
When we assess that the risk of a customer or our business relationship with that customer is
high, payment service providers are expected to take enhanced CDD measures, including
obtaining approval from our senior management to retain the customer.
CDD Measures for Non-Face-To-Face Business Relationships or Non-Face-To-Face Transactions*
We shall have policies and procedures in place to address any specific risks associated with non-
face-to-face business relationships with customers or non-face-to-face transactions (non-face-
to-face business contacts) that are conducted without opening an account for the customer.
We shall implement the policies and procedures when establishing business relations with
customers and when conducting ongoing due diligence.
In the absence of face-to-face contact, payment service providers shall implement CDD
measures that are at least as stringent as those required for face-to-face contact.
Where a payment service provider makes its first non-face-to-face business contact, the
payment service provider shall, at its own expense, engage an external auditor or independent
qualified consultant to assess the effectiveness of its policies and procedures, including the
effectiveness of any technical solutions used to manage impersonation risks.
We shall appoint an external auditor or an independent qualified consultant to carry out an
assessment of the new policies and procedures; and shall submit the report of the assessment
to the Authority no later than one year after the implementation of the change.
Reliance on Measures Already Performed During the Acquisition of a Payment Service Provider
Where we (the "acquiring payment service provider") acquire, either in whole or in part, the
business of another payment service provider, we shall perform the measures for the customers
acquired with the business at the time of acquisition except where the acquiring payment
service provider has:
● Obtained all appropriate customer records (including CDD information) at the same time and
had no doubts or concerns about the accuracy or adequacy of the information obtained.
● Conducted due diligence resulting in no questions about the adequacy of the AML/CFT
measures undertaken by the acquiring payment service provider with respect to the business or
portion of the business that the acquiring payment service provider is now acquiring and have
properly documented such measures.
Measures for Non-Account Holders*
If we execute any transaction for any customer who does not otherwise have business relations
with us, we shall:
● Perform CDD measures as if the customer had just applied to the payment service provider to
establish business relations.
● Record adequate details of the relevant transaction so as to permit the reconstruction of the
transaction, including the nature and date of the transaction, the type and amount of currency
involved, the value date, and the details of the payee or beneficiary.
Verification Timing
We shall verify the identity of the customer, the natural persons appointed to act on the
customer's behalf, and the customer's beneficial owners before one of the following:
● The payment service provider establishes a business relationship with the customer.
● The payment service provider executes any transaction for the customer where it has not
otherwise established business relations with the customer.
● The payment service provider facilitates or receives digital assets by value transfer for the
customer where it has not otherwise established business relations with the customer.
We may enter into a business relationship with a customer before we verify the identity of the
customer, the natural persons appointed to act on the customer's behalf, and the customer's
beneficial owners if the below circumstances apply:
● The deferral of verification is essential in order not to interrupt the normal conduct of
business operations.
● The risks of money laundering and terrorism financing can be effectively managed by the
payment service.
Where we establish business relations with a customer before verifying the identity of the
customer, natural persons appointed to act on behalf of the customer, and beneficial owners of the customer, we shall undertake the following:
● Develop and implement internal risk management policies and procedures concerning the
conditions under which such business relations may be established prior to verification.
● Complete such verification as soon as is reasonably possible.
Where Measures Are Not Completed
Where we are unable to complete the measures as required, we shall not commence or continue
business relations with any customer or execute any transaction for any customer.
Where we are unable to complete the measures, the payment service provider shall consider
whether the circumstances are suspicious so as to warrant the filing of an STR.
Completion of the measures refers to a situation where the payment service provider has
obtained, screened, and verified (including by delayed verification as outlined under paragraphs
6.43 and 6.44) all necessary CDD information under paragraphs 6, 7, and 8 and where the
payment service provider has received satisfactory responses to all inquiries in relation to such
necessary CDD information.
Joint Accounts
For joint accounts, we shall perform CDD measures on all of the joint account holders as if each
of them were individual customers of the payment service provider.
Screening
We shall screen customers, natural persons appointed to act on behalf of customers, related
parties of customers, and beneficial owners of customers against relevant money laundering
and terrorism financing information sources, as well as lists and information provided by the
Authority for the purpose of determining if there are any money laundering or terrorism
financing risks in relation to the customer.
We shall screen for the following situations and persons:
● When (or as soon as reasonably practicable after) we establish a business relationship with a
customer.
● Before we execute any transaction for any customer who has not otherwise established
business relations with the payment service provider.
● Before we facilitate or receive digital assets by value transfer for a customer who has not
otherwise established business relations with us.
● Periodically, after we establish business relations with our customers; and
● When there are any changes or updates to:
● Lists and information provided by the Authority to the payment service provider; or
● Natural persons appointed to act on behalf of a customer, their related parties, or beneficial
owners.
We shall screen all value transfer originators and value transfer beneficiaries against lists and
information provided by the Authority for the purposes of determining if there are any money
laundering or terrorism financing risks.
We shall document the results of all screenings.
E. Our Approach to Enhanced Customer Due Diligence
Politically Exposed Persons
We shall use all reasonable means to determine if a customer, any natural person appointed to
act on behalf of a customer, any related party of a customer, or any beneficial owner of a
customer is a politically exposed person (PEP) or a family member or close associate of a PEP.
Where a customer or any beneficial owner of a customer is determined by us to be a PEP, or a
family member or close associate of a PEP, we shall perform at least the following enhanced due
diligence measures in addition to our regular CDD measures:
● Obtain approval from senior management to establish and continue business relations with
the customer.
● By reasonable means, establish the source of wealth and source of funds of the customer and
any of their beneficial owners.
● During the course of business relations with the customer, conduct enhanced monitoring of
our business relations with them. We shall increase the degree and nature of monitoring for any
transactions that appear unusual.
Higher Risk Categories
We recognize that circumstances, where a customer presents or may present a higher risk for
money laundering or terrorism financing, include but are not limited to the following:
● Where a customer or any beneficial owner of the customer is from or in a country or
jurisdiction for which the FATF has called for countermeasures, the payment service provider
shall treat any business relations with or transactions for any such customer as presenting a
higher risk for money laundering or terrorism financing.
● Where a customer or any beneficial owner of the customer is from or in a country or
jurisdiction known to have inadequate AML/CFT measures as determined by the payment
service provider itself or notified to the payment service provider by the Authority or other
foreign regulatory authorities, the payment service provider shall assess whether any such
customer presents a higher risk for money laundering or terrorism.
We shall perform enhanced CDD measures for customers who present a higher risk for money laundering or terrorism financing or any customer that the Authority notifies us of presenting a higher risk for money laundering and terrorism financing.od
F. Approach to Bearer Negotiable Instruments and Restriction of Cash Payouts
We shall not make any payment for any sum of money in the form of a bearer negotiable
instrument.
We shall not pay any cash in any amount in the course of carrying on our business.
G. Approach to Value Transfer (to be implemented when required)*
If we are the ordering institution, before executing a value transfer, we shall:
● Identify the originator and take reasonable measures to verify their identity (if we have not
already done so).
● Record adequate details of the value transfer, including but not limited to the date of the
value transfer, the type and value of the digital asset transferred, and the value date.
If we are the ordering institution, we shall include in the memo or payment instructions that
accompanies or relates to the value transfer:
● The name of the originator.
● The account number of the originator (or the unique transaction reference number if
applicable).
● The name of the beneficiary.
● The account number of the beneficiary (or the unique transaction reference number if
applicable).
Value Transfers Exceeding a Particular Threshold
For value transfer exceeding a particular threshold where we are an ordering institution, we
shall identify the originator and verify their identity, including the memo or payment
instructions that accompany or relate to the value transfer and any of the following:
● The originator's residential address; or
● The originator's registered or business address (along with their principal place of business if
such addresses differ).
● The originator's unique identification number; or
● The originator's date and place of birth, along with the incorporation or registration of the
value transfer.
We shall immediately and securely submit to the beneficiary institution all value transfer
originator and value transfer beneficiary information and shall document all such information.
Where we, in the capacity as an ordering institution, are not able to comply with the
requirements, we shall not execute the value transfer.
If we are the beneficiary institution, we shall take reasonable measures to identify value
transfers that lack the required value transfer originator or value transfer beneficiary institution.
For value transfers where we, as the beneficiary institution, pay out transferred digital assets in
cash or cash equivalents to a value transfer beneficiary, we shall identify and verify the identity
of the value transfer beneficiary (if their identity has not been previously verified).
We shall always conduct a review prior to executing a value transfer lacking the required value
transfer originator or value transfer beneficiary information and document our follow-up
measures. *
If we are the intermediary institution, we shall retain all information pertaining to a value
transfer.
Where we, as an intermediary institution, execute a value transfer to another intermediary
institution or beneficiary institution, we shall immediately and securely provide the information
accompanying the value transfer to that other intermediary institution or beneficiary institution.
If we are a receiving intermediary institution, we shall keep a record of all information received
from an ordering institution or another intermediary institution for at least five years.
We shall take reasonable measures to identify value transfers that lack the required value
transfer originator or value transfer beneficiary information during straight-through processing.
H. Record Keeping
We shall retain proper records as required for a time period of at least 5 years.
I. Personal Data*
We shall safeguard the personal data of our customers in the manner prescribed.
J. Suspicious Transactions Reports (STRs)
We shall notify the relevant authorities and file STRs as required by law. We shall also maintain
all records and transactions relating to all such transactions and STRs.K. Our Compliance, Audit, and Training Policies
Amongst other measures, we shall appoint an AML/CFT compliance officer at the management
level, maintain independent audit capabilities, and take proactive measures to regularly train
our employees on AML/CFT matters.
Enterprise-Wide Money Laundering/Terrorism Financing Risk Assessment
We shall conduct an enterprise-wide money laundering/terrorism financing risk assessment in
three phases:
Phase 1: Assessment of Inherent Risk
We shall assess the inherent risk in relation to our:
● Customers or entities: We shall assess the customers and/or entities with whom we deal.
● Products or services: We shall be mindful of who we provide cryptocurrency OTC services to.
Regional scale: We shall not deal with customers on lists of designated individuals and entities.
Stage 2: Assessment of Mitigating Controls
We shall assess our mitigating controls in relation to the aforementioned. We shall monitor and
exercise enhanced due diligence for any and/or all customers(s) whom we deem to be
suspicious.
Phase 3: Assessment of Residual Risk
We shall assess our residual risks after assessing our mitigating controls