This AML/KYC Policy summarises how SMARTFINSERVICE LLC (Identification Number 405607400, Registration Number 0018-9404), a limited liability company incorporated in Georgia and licensed by the National Bank of Georgia as a Virtual Asset Service Provider (the "Company," "we," "us" or "our"), prevents the use of its services for money laundering, terrorist financing, sanctions evasion and other financial crime. It should be read together with our Terms of Use and our Privacy Policy.
1. Introduction
The Company is committed to preventing the use of its services for money laundering ("ML"), terrorist financing ("TF"), proliferation financing, fraud, sanctions evasion and any other financial crime. This Policy explains, in plain terms, the customer-facing aspects of our anti-money-laundering and know-your-customer programme: what we ask of you, the checks we carry out, and the circumstances in which we may delay, refuse or report a transaction.
2. Regulatory Framework
Our AML/KYC programme is designed to comply with the Law of Georgia on Facilitating the Prevention of Money Laundering and the Financing of Terrorism and the regulations and guidance issued by the National Bank of Georgia applicable to Virtual Asset Service Providers. We also align our controls with international standards, including the recommendations of the Financial Action Task Force (FATF). We cooperate with the Financial Monitoring Service of Georgia (the "FMS"), the National Bank of Georgia and other competent authorities as required by law.
3. Our Internal AML Programme and Compliance Officer
The Company maintains a detailed internal AML/KYC policy, internal control rules and risk-assessment procedures (together, the "Internal AML Programme"). For confidentiality and security reasons, these documents are not published in full. They govern our day-to-day compliance work, define our risk appetite and the controls we apply, and are reviewed and updated regularly.
The Company has appointed an AML Compliance Officer (also referred to as the Money Laundering Reporting Officer, or "MLRO"). The Compliance Officer is responsible for the implementation and oversight of the Internal AML Programme, for the analysis and investigation of internal notifications of unusual or suspicious activity, for liaison with the Financial Monitoring Service of Georgia (the "FMS") and other competent authorities, and for the submission of regulatory reports. The Compliance Officer's work is supported by internal training, internal audit and management oversight.
This page is a customer-facing summary. The rules that apply to you in practice may include additional internal procedures and controls set out in the Internal AML Programme.
4. Customer Identification (KYC)
Before establishing a business relationship and at appropriate points thereafter, we identify and verify our customers. Depending on whether you are an individual or a legal entity, and on your risk profile, we may ask you to provide:
full name, date and place of birth, nationality and residential address;
government-issued identification document (ID card, passport or residence permit);
proof of address (such as a utility bill or bank statement);
a photograph or live image of yourself for biometric verification;
information about your occupation, source of funds and expected transaction volumes;
for legal entities: corporate registry extract, articles of association, information about directors and beneficial owners, and details of the entity's business activity.
We may request additional information or documents at any time, including during an existing business relationship, where this is necessary to meet our legal or regulatory obligations.
5. Verification Providers and Tools
To carry out customer identification, sanctions screening, blockchain analytics and transaction monitoring, we work with specialised third-party compliance providers. These currently include, among others:
SumSub — identity verification, document checks, liveness and biometric verification, and sanctions/PEP screening;
AMLBot — blockchain analytics and wallet-risk screening for virtual-asset transactions;
other specialised compliance, identity-verification and analytics providers that we may engage from time to time.
We share with these providers only the personal data needed for the relevant check. Their processing of personal data is governed by written agreements requiring confidentiality and appropriate safeguards, as described in our Privacy Policy.
6. Levels of Customer Due Diligence
We apply a risk-based approach to customer due diligence. At a minimum, every customer is subject to standard due diligence, which includes identification, verification and ongoing monitoring of the business relationship.
Where the risk profile warrants it, we apply enhanced due diligence. This may involve, for example, additional documentation, more detailed questions about the source of funds or wealth, additional verification of counterparties and more frequent monitoring. Enhanced due diligence applies in particular to high-risk customers, customers from higher-risk jurisdictions and politically exposed persons (see Section 8).
7. Beneficial Ownership
For legal entities, we identify and verify the natural persons who ultimately own or control the entity (the "beneficial owners"). We may not establish or continue a business relationship if we are unable to identify the beneficial owners or if the ownership structure prevents meaningful identification.
For individual customers, we expect you to act on your own behalf. If you are acting for or on behalf of any other person, you must disclose this to us in advance and provide the information we require about that person.
8. Politically Exposed Persons
We screen customers and beneficial owners against politically-exposed-persons ("PEPs") databases. PEPs include individuals entrusted with prominent public functions (and their close family members and known close associates). Where a customer is identified as a PEP or closely related to one, we apply enhanced due diligence and may require additional information about the source of funds and the source of wealth. Approval to enter into or continue the business relationship may require sign-off from senior management.
9. Sanctions Screening
We screen customers, beneficial owners and counterparties against applicable sanctions lists, including:
the United Nations Security Council Consolidated List;
the European Union Consolidated Financial Sanctions List;
the United States Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) and other relevant lists;
the United Kingdom Office of Financial Sanctions Implementation (OFSI) Consolidated List;
Georgian national sanctions and any other lists that we are required or determine appropriate to apply.
Screening is performed at onboarding and on an ongoing basis as lists are updated. If a match is identified, we will freeze any related assets, refuse to execute the relevant transaction and notify the FMS and other competent authorities as required by law. We may be prohibited from disclosing to you the reason for such action.
10. Prohibited Activities and Restricted Jurisdictions
The Company does not provide services to persons subject to applicable sanctions or to persons located in or resident of jurisdictions in respect of which we are required, or determine appropriate, to refuse services. Such jurisdictions include, but are not limited to:
jurisdictions subject to comprehensive sanctions administered by the United Nations, the European Union, the United States Office of Foreign Assets Control (OFAC), the United Kingdom or other competent authorities — including the Democratic People's Republic of Korea, Iran, Syria, Cuba and the non-government-controlled areas of Ukraine;
jurisdictions identified by the Financial Action Task Force (FATF) as high-risk and non-cooperative;
any other high-risk or sanctioned territories identified in accordance with our Internal AML Programme.
We also do not provide services to persons engaged in unlawful activity, including but not limited to money laundering, terrorist financing, financing of the proliferation of weapons of mass destruction, fraud, market manipulation, sanctions evasion and tax evasion.
11. Transaction Monitoring
We monitor transactions on an ongoing basis to identify unusual or suspicious activity, applying automated controls together with manual review where appropriate. As part of this monitoring, we may:
request additional information or supporting documents about a specific transaction or pattern of transactions;
pause or delay a transaction pending further review;
screen the wallet addresses involved in a transaction using blockchain analytics tools;
decline a transaction that we are unable to process consistently with our legal obligations or risk appetite.
For confidentiality and security reasons, we do not disclose the specific thresholds, scenarios or detection rules used by our monitoring systems.
12. FATF Travel Rule
In line with FATF Recommendation 16 and Georgian implementation, when sending or receiving virtual-asset transfers we exchange originator and beneficiary information with the counterparty's virtual-asset service provider, where that provider is able to receive and process such data securely. The information transmitted typically includes the name, account or wallet identifier, identity document details and address of the originator and beneficiary, as required by applicable law. Where the counterparty cannot receive Travel Rule data, we monitor the transaction accordingly and retain the information for regulatory requests.
13. Refusal, Suspension and Reporting
We may decline to establish a business relationship, decline, postpone or reverse a transaction, suspend or terminate your account, or freeze related assets where:
we are unable to complete customer due diligence to the standard required by law or by our Internal AML Programme;
we identify or suspect suspicious activity, including activity that may be connected to money laundering, terrorist financing, sanctions evasion, fraud or other unlawful activity;
we identify other risk factors — including adverse media findings, unexplained source of funds, links to high-risk wallets or counterparties, inconsistencies in the information you have provided, or any further indicators set out in our Internal AML Programme — that make the business relationship or transaction inconsistent with our risk appetite;
continuing would expose us to legal, regulatory or reputational risk;
we are required to do so by a competent authority or by law.
Where we are legally required to report suspicions to the FMS or another authority, we may not be permitted to inform you that a report has been made, that an investigation is underway, or of the reasons for our decision ("tipping-off" restrictions). Any transfer of remaining assets following termination will be made in accordance with applicable law and our internal procedures.
14. Your Obligations
By using our services, you agree to:
provide accurate, current and complete information about yourself, your activities and the source of your funds, and update that information promptly if it changes;
cooperate with our verification and due-diligence requests, including providing additional documents on request;
act on your own behalf and not on behalf of any undisclosed third party;
not attempt to circumvent our identification, monitoring or sanctions controls;
confirm that you are not the subject of applicable sanctions, are not a PEP unless declared to us, and are not located in or resident of a prohibited jurisdiction.
Providing false, misleading or incomplete information may result in the refusal or termination of services, the freezing of assets and a report to the FMS or other authorities.
15. Data Protection and Record Retention
Personal data collected for AML/KYC purposes is processed in accordance with the Law of Georgia on Personal Data Protection and our Privacy Policy. AML and KYC records, including identification documents, due-diligence files and transaction data, are retained for at least five (5) years following the termination of the business relationship or the date of an occasional transaction, or longer where required by law.
16. Updates and Contact
We may update this Policy from time to time to reflect changes in law, regulation or our internal practices. The "Last updated" date at the top of this page indicates when the Policy was most recently revised.
Questions about this Policy can be sent to [email protected].