AML and Security Policy

Effective from: May 2025

This AML and Security Policy (the "Policy") defines the principles and procedural controls adopted by a-payment ("a-payment", "we", "our", or "us") for the prevention of money laundering, terrorist financing, and other forms of financial crime, and outlines the technological and procedural measures implemented to ensure the security and integrity of its services and user data. This Policy applies to all interactions conducted via https://a-payment.pro (the "Site") and all associated services offered through our platform (collectively, the "Services").

1. Legal Framework and Compliance Obligations

1.1. This Policy is formulated in accordance with:

  • Directive (EU) 2015/849 (the 4th AMLD) and Directive (EU) 2018/843 (the 5th AMLD);
  • Regulation (EU) 2015/847 on information accompanying transfers of funds;
  • FATF Recommendations and interpretive notes;
  • Relevant laws of the Member State in which a-payment is established.

1.2. a-payment maintains full compliance with applicable anti-money laundering (AML), counter-terrorist financing (CTF), sanctions enforcement, and fraud prevention regulations.

2. AML/CTF Governance Structure

2.1. Our AML/CTF framework is overseen by an appointed Compliance Officer ("CO") who:

  • Is directly accountable to senior management;
  • Possesses relevant experience and qualifications;
  • Has full authority to implement and enforce AML procedures;
  • Acts as the point of contact for Financial Intelligence Units (FIUs) and supervisory authorities.

2.2. The CO ensures:

  • Internal AML/CTF policies are documented, approved, reviewed annually, and enforced;
  • Timely submission of suspicious activity reports (SARs) to competent authorities;
  • Implementation of training, audits, and incident response procedures.

3. Know-Your-Customer (KYC) and Due Diligence Procedures

3.1. a-payment applies risk-based customer due diligence (CDD) before onboarding any client, which includes:

  • Identification of legal persons, beneficial owners, and authorized representatives;
  • Verification through original or notarized corporate documentation;
  • Assessment of business activity and source of funds;
  • Screening against PEP, sanctions, and adverse media lists.

3.2. Enhanced due diligence (EDD) is applied in high-risk scenarios, including:

  • Clients located in high-risk third countries;
  • Politically exposed persons (PEPs);
  • Unusually complex or opaque corporate structures.

3.3. Ongoing monitoring is performed throughout the lifecycle of the client relationship to:

  • Detect inconsistencies in transaction behavior;
  • Flag suspicious transaction patterns;
  • Prompt KYC refresh procedures where appropriate.

4. Transaction Screening and Suspicious Activity Monitoring

4.1. a-payment utilizes automated and manual controls to detect, analyze, and report:

  • Transactions inconsistent with client profile;
  • Structuring, layering, or smurfing attempts;
  • Transactions with sanctioned countries or persons;
  • Payments involving virtual currencies lacking transparency.

4.2. Any suspicious transaction is escalated internally to the CO and, where required, reported to the national FIU without delay.

5. Sanctions and Restricted Jurisdictions

5.1. We maintain and periodically update a list of:

  • UN, EU, and national sanctions programs;
  • Jurisdictions deemed high-risk or non-cooperative by FATF;
  • Regions with insufficient AML frameworks or elevated corruption risk.

5.2. Services are categorically denied to:

  • Individuals or entities subject to sanctions;
  • Clients residing in or transacting with embargoed jurisdictions.

6. Data and Infrastructure Security

6.1. a-payment adopts industry-standard and state-of-the-art measures for securing data and infrastructure, including:

  • TLS 1.2+ encryption for data in transit;
  • AES-256 encryption for data at rest;
  • Multi-factor authentication (MFA) for administrative access;
  • Access control lists and identity federation for user segmentation;
  • Use of secure cloud infrastructure and redundant systems for business continuity.

6.2. All systems are monitored through:

  • Real-time threat detection and intrusion prevention systems (IPS);
  • Audit logs stored on immutable, access-restricted nodes;
  • Scheduled internal and external security assessments.

6.3. In the event of a data breach or security incident:

  • Affected stakeholders are notified in accordance with GDPR Articles 33 and 34;
  • Incident reports are filed with competent authorities as required;
  • Root cause analysis and post-mortem remediation are conducted.

7. Cryptographic Asset Handling and Wallet Security

7.1. Where virtual assets are involved, a-payment implements:

  • Multi-signature wallets with access segmentation;
  • Cold storage for operational reserves;
  • Transaction whitelisting and daily transfer limits;
  • Regular key rotation and cryptographic hygiene controls.

8. Recordkeeping and Audit

8.1. a-payment maintains comprehensive audit trails and securely stores:

  • KYC records, communications, and client documentation for a minimum of five (5) years after termination of business relations;
  • Transactional records, SARs, and system logs for a similar duration;
  • Internal compliance reviews, audit results, and risk assessments.

8.2. Data is stored in compliance with GDPR and financial regulatory frameworks applicable in the EEA.

9. Staff Training and Awareness

9.1. All personnel with compliance-relevant functions receive:

  • AML/CTF onboarding and refresher training at least annually;
  • Guidance on risk indicators, red flags, and escalation protocols;
  • Access to updated internal policies and regulatory circulars.

9.2. Training completion is logged and reviewed periodically.

10. Amendments and Governance

10.1. This Policy is reviewed annually or in response to:

  • Legislative changes;
  • Regulatory guidance or enforcement actions;
  • Internal audit recommendations or incident learnings.

10.2. All updates are approved by senior management and made available to clients and partners upon request.

Contact

Compliance Department – a-payment
Email: [email protected]

This Policy is issued in English. In the event of divergence between language versions, the English version shall prevail.