Codego Fraud policy
Purpose
The purpose of this policy is to define Codego’s official stance on fraud prevention, detection, and response. This policy is designed to protect the company and its customers from fraudulent activities by establishing clear procedures for identifying, managing, and addressing fraud at all levels of the organization.
Scope
This policy applies to all Codego employees, contractors, third-party vendors, and customers. It encompasses any and all types of fraud that could impact Codego’s operations or reputation, whether originating internally or externally. Everyone in the organization is expected to adhere to the procedures outlined in this policy.
Types of fraud addressed
● Codego is committed to addressing multiple types of fraud, including but not limited to:
● External fraud such as phishing, identity theft, unauthorized transactions, and account takeovers.
● Internal fraud including embezzlement, misuse of company assets, and collusion with external fraudsters.
● Financial crimes such as money laundering, terrorism financing, and the use of stolen payment credentials.
Responsibilities
The Fraud Department at Codego takes the lead in detecting and managing fraud risks. Compliance teams ensure that all fraud-related processes comply with local and international regulations. Senior management is responsible for establishing a culture of zero tolerance towards fraud, and all employees are encouraged to report suspicious activity through defined internal channels.
Prevention and detection mechanisms
Codego leverages several tools and techniques to detect and prevent fraudulent activity. Among these are third-party solutions such as Seon, which offers advanced fraud monitoring and detection capabilities. Codego also employs strong KYC processes, including Enhanced Due Diligence (EDD) and regular customer reviews. These systems work together to ensure real-time detection of suspicious transactions and mitigate the risk of fraud.
Reporting and investigation
Any suspected or actual fraud must be reported immediately to the Risk and Fraud Department, either internally or via external customer reports. The Fraud Department is responsible for investigating these reports, gathering evidence, and determining whether fraud has occurred.
Consequences of fraudulent activity
Employees, third parties, or customers found engaging in fraudulent activity will face severe consequences. This may include termination of employment or contract, legal action, and being reported to law enforcement authorities. Codego takes a zero-tolerance stance on fraud and will take all necessary steps to ensure that fraudulent actors are held accountable.
Fraud and financial crime risk assessment
Introduction
Codego is firmly committed to combating fraud and financial crime by maintaining a robust and comprehensive framework for identifying, preventing, and responding to potential risks. As the financial landscape evolves, Codego actively seeks to adapt to emerging threats through continuous monitoring and a proactive approach to security.
Fraud risk assessment overview
Codego has identified several key areas where fraud risk is prevalent, both internally and externally. Internal risks include possible employee collusion or insider fraud, while external risks involve fraudulent third parties, malicious actors engaging in phishing attacks, and account takeovers. The company regularly conducts in-depth risk assessments to adapt its processes and security measures.
External fraud risks
Codego is particularly vigilant against external fraud, including phishing attacks, identity theft, and account takeovers. Malicious actors often target customers through social engineering and other deceptive practices. With its global customer base, Codego is especially cautious about fraudulent activities originating from external partners or third-party vendors.
Mitigation measures
To mitigate these risks, Codego employs Seon, a leading third-party tool for fraud prevention, detection, and management. Seon leverages a robust set of security rules, real-time data, and machine learning algorithms to monitor transactions and flag suspicious behavior. In addition, Codego implements stringent KYC (Know Your Customer) and Enhanced Due Diligence (EDD) processes. All customers must undergo thorough verification, including providing a source of funds to ensure compliance with anti-money laundering (AML) regulations.
Conclusion
Codego remains dedicated to maintaining high standards in fraud detection and prevention through continuous updates to its systems, training programs, and partnerships with industry-leading security firms. The company also emphasizes ongoing training and awareness programs for staff to stay ahead of potential threats. Regular reviews and audits ensure that the security framework remains effective and responsive to new challenges
Procedure for returning funds to fraud victims
Purpose
The purpose of this procedure is to outline the steps Codego takes to ensure the timely and transparent return of funds to victims of fraud. Codego is committed to protecting its customers and ensuring that, in the event of fraud, the recovery process is as efficient and clear as possible.
Process
Fraud detection and reporting: Fraudulent activity is first detected through internal monitoring systems (such as Seon) or by a direct report from the customer. Once identified, the fraudulent transaction is flagged, and immediate action is taken to freeze the transaction or account involved. Customers are encouraged to report any suspicious activity through dedicated channels, including phone, email, or the online platform.
Verification and investigation
Codego verifies the legitimacy of the fraud claim through a rigorous investigation process. All flagged transactions are thoroughly examined using transaction data, customer identification, IP addresses, and other relevant information. Depending on the complexity, investigations may take a few days to several weeks. Throughout this process, Codego follows KYC and AML guidelines to ensure compliance and proper identification of fraud patterns.
Collaboration with banks and payment providers
Codego works closely with third-party financial institutions, banks, and payment processors to retrieve funds involved in fraudulent transactions. This collaboration is essential, especially when transactions span multiple jurisdictions or involve international payment systems. Codego adheres to all legal and regulatory requirements in these interactions to ensure swift and legitimate action.
Refund
Codego applies strict eligibility criteria when determining if funds can be refunded. If the fraud claim is verified and the funds have not been irreversibly transferred, the victim will be reimbursed through their original payment method. In cases of authorized fraud (such as Authorized Push Payment fraud, confirmed fraud (confirmed stolen funds or identity), additional investigation may be required to establish liability before a refund is processed.
Customer communication
Throughout the process, Codego ensures that fraud victims are regularly updated on the investigation’s progress. Dedicated customer service representatives provide clear communication on the expected timeline for resolution and any required actions on the part of the customer. Transparency is maintained at every stage to ensure the customer remains informed and reassured.
Fraud metrics
Customer-level fraud metrics
1. Account Takeover (ATO) attempts:
○ Number of account takeover attempts detected.
○ Frequency of failed login attempts from unusual IP addresses or devices.
○ Number of accounts locked due to suspicious activity.
2. Know Your Customer (KYC) verification failures:
○ Number and percentage of customers failing initial KYC checks.
○ Number of customers flagged during Enhanced Due Diligence (EDD).
○ Time taken to complete KYC/EDD processes.
3. Suspicious account activity:
○ Accounts with abnormal activity (sudden large transactions, frequent transfers).
○ Frequency of changes to sensitive information (address, email, phone number).
○ Number of flagged customer accounts due to changes in transaction patterns.
4. Customer fraud risk scores:
○ Risk scores based on behavior, geolocation, device fingerprinting, etc.
○ Percentage of customers flagged as high-risk.
○ Distribution of customers across different risk score ranges.
5. Chargeback and refund ratios:
○ Number of chargebacks initiated by customers.
○ Percentage of transactions resulting in a chargeback.
○ Average value of chargebacks per customer.
6. Customer support fraud reports:
○ Number of fraud reports made by customers to customer support.
○ Time taken to resolve reported fraud cases.
○ Number of reports resulting in confirmed fraud.
Transaction-level fraud metrics
1. Fraudulent transaction volume and value:
○ Number and total value of fraudulent transactions detected.
○ Percentage of fraudulent transactions compared to total transactions.
○ Rate of fraudulent transaction attempts blocked in real-time.
2. Transaction monitoring alerts:
○ Number of suspicious transactions flagged for manual review.
○ Number of transactions escalated due to fraud risk.
○ False positive rate (legitimate transactions flagged as fraud).
3. Transaction velocity monitoring:
○ Number of transactions performed within a short period.
○ Number of flagged transactions due to unusual frequency.
○ Average value of flagged high-velocity transactions.
4. Geolocation and IP anomalies:
○ Transactions originating from high-risk geographies or IP addresses.
○ Number of flagged transactions due to geolocation mismatches.
○ Percentage of cross-border transactions flagged as suspicious.
5. Payment method risk:
○ Fraud rates per payment method (credit card, bank transfer, etc.).
○ Number of flagged transactions involving new or unverified payment methods.
○ Success rate of fraud attempts using high-risk payment methods.
6. Transaction reversal metrics:
○ Number of transaction reversals due to confirmed fraud.
○ Percentage of reversed transactions successfully recovered.
○ Time taken to reverse fraudulent transactions.
Additional metrics:
● Time to detect and resolve fraud:
○ Average time to detect a fraudulent transaction.
○ Average time to fully resolve a fraud case (from detection to closure).
○ Average duration between fraud detection and customer notification.
● Fraud prevention efficacy:
○ Accuracy of fraud detection algorithms (Seon) based on false positives/negatives.
○ Impact of fraud prevention measures on legitimate transactions (e.g., decline rates).
○ Percentage of transactions manually reviewed vs. automated detections.
Fraud management and reporting process
Fraud investigation process
Codego initiates the fraud investigation process as soon as suspicious transactions are flagged by internal systems or reported by customers. Seon, Codego’s fraud detection tool, plays a crucial role in identifying unusual patterns, unauthorized access, and potentially fraudulent activities. Once a transaction is flagged, the Fraud Department gathers relevant data, including transaction history, customer information, and technical details such as IP addresses, to assess the legitimacy of the transaction. Investigations are handled promptly to minimize financial loss and mitigate any further risks.
Blocking and reporting of fraudulent transactions
When a transaction is confirmed to be suspicious, immediate action is taken to freeze or block the funds associated with the transaction. Codego uses an automated process to block high-risk accounts, preventing further fraudulent activities. Once the transaction is blocked, Codego’s internal team files necessary reports to regulatory authorities as part of Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance. The fraud cases may also be reported to law enforcement when required by legal obligations.
Returning funds
Codego follows strict criteria to determine whether funds can be returned to the victims of fraud. If the fraud claim is verified and it is confirmed that the victim had no role in facilitating the fraudulent activity, Codego works with its financial partners to reverse or return the funds. If the funds have already been transferred out, Codego collaborates with international banking institutions and payment providers to retrieve the stolen money. In cases where recovery is impossible, Codego informs the victim and may provide compensation based on the severity and nature of the fraud.
Tracking and reporting
Codego employs a comprehensive fraud management system to continuously track fraud cases from initiation to resolution. Each case is logged with detailed information, including transaction data, customer interactions, and investigation outcomes. The system enables Codego to analyze fraud trends and improve detection mechanisms over time. Monthly and quarterly fraud reports are generated for senior management and compliance teams to ensure that the company remains informed about current threats and emerging risks. These reports are also shared with regulators as part of Codego’s commitment to transparency and compliance.

Codego AML Policy
Confidentiality
All information contained in this document shall be kept in confidence. No part of this document is to be altered or copied without the written agreement of the CEO of Codego.
None of this information shall be divulged to persons other than to authorised employees of Codego, and shall be on a need to know basis. Release of this document to other parties shall be to individuals of organisations authorised by the CEO of Codego and in accordance with existing policy regarding release of company information and shall only be made available when an acceptable NDA has been signed with that party.
Summary of Changes
This paragraph records the history of significant changes to this document. Only the most significant changes are described here.



1 INTRODUCTION
This document has been created for the employees of Codego, a company with headquarters in Milano, to use as guidelines for the AML responsibilities of both the company and the staff. Basically, the guidelines contain the information which all members of staff need to be aware of in order to prevent the business from being used to launder the proceeds of crime or terrorist financing. The AML Procedures Guidelines will provide the basis for all employees to comply with all applicable requirements in this area and will contribute to employees in preserving the good name and reputation of our company. The guidelines also have the procedures at place that deeply describe the rules that all staff member is obliged to comply and to use on a daily basis , fulfilling their responsibilities.
1.1 GUIDANCE
• outlines the legislation on anti-money laundering (AML) and combating terrorist financing measures;
• explains the requirements of the Money Laundering Regulations how these should be applied in practice.
Codego will always seek to disrupt this activity by cooperating fully with the authorities and reporting all suspicious activity to the National Crime Agency (NCA)
Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets.
The main goal of Codego’s AML procedures is to reduce all possible risks in order to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under Bank Secrecy Act (BSA)/Anti-Money Laundering (USA), Directive (EU) of the European Parliament and of the Council and Visa and MasterCard regulation regarding Money laundering prevention.
Codego’s policy has a strong risk-mitigation approach (fraud prevention tools and customised risk rules) , which helps guarantee compliance with all existing AML stipulations.
It is also the policy of Codego that staff must receive AML training on the commencement of their duties. Staff will be given a copy of this procedure with guidelines and education materials and will be tested on its contents before starting any client- facing duties.
Codego AML policies, will be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls are in place to account for both changes in regulations and changes in the business.
2 MONEY LAUNDERING
Cash first enters the financial system at the “placement” stage, where the cash generated from criminal activities is converted into monetary instruments. Such monetary instruments could be: money orders or traveller’s checks, deposited into accounts at financial institutions, dividing the cash into smaller amounts and make various deposits into one or more accounts at one or more banks; customer opens several accounts in different names at different institutions; employ or persuade others to deposit funds for them; purchasing goods such as jewellery, art and other assets with a view to reselling them at a later date; making deposits with the help of employees of the relevant financial institution.
A) Placement
Cash generated from crime is placed in the financial system. This is the point when proceeds of crime are most apparent and at risk of detection.
Placement Red flags for Codego:
1. Transactions from multiple accounts for the same receiver;
2. Transactions from one account to multiple receivers;
3. Transactions coming from accounts created by auction houses, betting sites or e-wallets providers mainly used by gambling and betting sites;
4. Transactions from pre-paid credit cards.
At the “layering” stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. As example: Selling assets or switching to other forms of investment; transferring money to accounts at other financial institutions; wiring transfers abroad (often using shell companies); depositing cash in overseas banking systems.
B) Layering
Once proceeds of crime are in the financial system, layering obscures their origins by passing the money through complex transactions. These often involve different entities like companies and trusts and can take place in multiple jurisdictions.
C) Integration
Once the origin of the funds has been obscured, the criminal is able to make the funds reappear as legitimate funds or assets.
Integration Red flags for Codego:
1. Outgoing transactions to countries known as “offshore” banking countries;
2. Customers are using funds of a sales of assets like as house or jewellery;
3. Customers are using the funds for purchases of real estate, buying stakes in companies, or other large assets;
4. Incoming/outgoing transactions from private people to a company;
5. Prepaid credit card transferred funds to bank accounts (unusual that the receiver is more financially inclusion than the remitter).
At the “integration” stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses, for example – an inheritance, loan payments, asset sales abroad.
Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations.
In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.
All members of staff are at risk of committing a criminal offence if they assist in a criminal transaction by missing the warning signs.
3 REGULATORY FRAMEWORK
The legislation in EU/UK governing money laundering and Terrorist Financing and the fight against it is contained in the following:
1. Proceeds of Crime Act 2002 (as amended);
2. Terrorism Act 2000 (as amended by the Anti-terrorism, Crime and Security Act 2001);
3. Money Laundering Regulations 2017;
4. UK Bribery Act 2010;
5. Payment Services Regulations 2009;
6. E-Money Services Regulations 2011;
7. Counter-Terrorism Act 2008, HM Treasury Sanction Notices;
8. FCA Handbook;
In addition, but not limited, references, guidance and instruction are given in HM Treasury Sanctions notices and news releases and the Financial Services Authority. It is important to note that EEA/UK legislation in respect of money laundering is “all crimes legislation”.
4. MLRO'S ROLES AND RESPONSIBILITIES
All staff must take steps to ensure compliance with this policy and ensure that they fully understand the material contained in this manual.
Responsible for the overall compliance policy of Codego and ensuring adequate resources are provided for the proper training of staff and the implementation of risk systems. This includes computer software to assist in oversight.
The MLRO (Money Laundering Reporting Officer) holds copies of all training materials. Updated AML training is given annually. Records of all training, including dates delivered and by whom, are kept both centrally and on staff personnel files.
All issues related to any noticed suspicious activity must be referred to MLRO in the first instance. The duties of the Money Laundering Reporting Officer include:
1. Monitoring the firm’s compliance with AML obligations;
2. Being designated for, and accessible to, receiving and reviewing reports of suspicious activity from employees;
3. Considering of such reports and determining whether any suspicious activity as reported gives rise to a knowledge or suspicion that a customer is or could be engaged in money laundering or terrorist financing;
4. Overseeing communication and training for employees;
5. Ensures that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports are filed. The Money Laundering Reporting Officer is vested with full responsibility and authority to enforce the firm’s AML program;
6. To receive disclosures from employees (also known as Suspicious Activity Report-SARs);
7. To decide if disclosures should be passed on to the National Crime Agency (NCA)
8. To review all new laws and deciding how they impact on the operational process of the company;
9. To prepare a written procedures manual and make it available to all staff and other stakeholders;
10. To make sure appropriate due diligence is carried out on customers and business partners;
11. To receive internal Suspicious Activity Reports (SARs) from staff;
12. To keep and review records of all decisions relating to SARs appropriately;
13. To ensure that staff receive appropriate training when they join and that the receive regular refresher training on an annual basis or if necessary;
14. To monitor business relationships and record reviews and decisions taken;
15. To make a decision on continuing or terminating trading activity with particular customer;
16. To make sure that all business records are kept for at least five years from the date of the last customer transaction.
Provision of Exemptions:
MLRO may only grant an exemption where he is clearly required or where practical experience reveals that it is necessary to do so. All exemptions will be considered on a case-by-case basis. Codego has adopted a risk-based approach to achieving its regulatory objectives and exemptions should not be considered as a way to avoid meeting our regulatory obligations. Careful consideration will be given to issues of transparency, equity and competitive neutrality in issuing exemptions. MLRO will assess the potential implications of applying an exemption and aims to adopt a consistent approach, taking account of the facts and circumstances particular to each case. Request for Exemptions from standard Customer Identification Process requirements may be received from AML and the Risk department in circumstances where, taking account of the CDD which has been obtained, MLRO is satisfied that the ML/TF risk has been adequately addressed. AML and the Risk department must use the “E-mail Exemption Request” when requesting an exemption from the Customer Identification Process. The completed e-mail must be sent to MLRO and must be approved by return of email by MLRO before any exemption can be provided.
5. RISK- BASED APPROACH
As per the Money Laundering Regulations, each regulated firm must exercise a ‘risk- based approach’ to its customers, products and business practices.
Codego operates a regimented system based upon processes. Our 5-step approach is:
• Identify the money laundering risks that are relevant to our business;
• Carry out periodic risk assessments on various parts of our business, focusing on customer behavior, delivery channels, patterns, and irregularities;
• MLRO to design and put in place effective controls to manage and reduce the impact of the risks;
• MLRO/Compliance to monitor the controls and improve efficiency;
• Maintain records of processes/systems that were checked and why we checked them.
The results of Codego annual risk assessment will be presented and approved by the Board of directors.
As a small sized entity, we review ourselves internally and base our assessment on our chosen business models, our products and services.
International AML legislation demands risk-based approach to be implemented for every financial institution. The Risk based approach helps to drive the institution’s compliance resource allocation, internal controls strategy, system structures, and enables an organization to focus on higher risk areas. Codego considers the risk-based approach as two-tiered concept. First of all, every financial institution should estimate all possible money laundering and terrorist financing risks. Secondly, every financial institution should implement its own, most appropriate for its type of business prevention concept.
Our policies are formed by using the FATF guidance on the Risk-Based Approach, that a regulated firm should adhere to, in order to effectively combat Money Laundering and Terrorist Financing. The FATF guidance supports Codego in the development of:
• A common understanding of what the risk-based approach involves;
• Outlining the high-level principles involved in applying a risk-based approach;
• Promoting Codego in the eyes of its partners, as our risk-based approach indicates a good public and private sector practice.
It is recognized that a higher level of due diligence and monitoring would be specified for business areas prone to higher AML risks. Accordingly, entities, their owners, directors whose identities can be easily identified and transactions implemented by them and large conform to the known profile, may be categorized as low risk.
Further, customers that are liked to pose a higher than average risk to Codego may be categorized as medium or high risk depending on factors such as Merchant’s backgrounds nature and location of activity etc.
All in all, the risk assessment’s scope includes, but not limited to: the type, scale and complexity of the business, the products and services sold, target markets, high risk customers, jurisdiction exposure, distribution channels, transaction size and volumes as compared to historic trends, systems, major organizational changes, and compliance testing, audit and regulatory findings.
The risk assessment should include as much information as is obtainable to provide a clear and accurate assessment.
6. IBAN ACCOUNT CUSTOMERS' MITIGATION PROCEDURE
The identification process for e-wallets is the most difficult one from different points of view. Based on each country’s legislation , there are a lot of restrictions, and also card schemes have their own regulations on this question.
One of the ways how Codego can go with IBAN account is to build the concept of motivation, remuneration and strict control.
The motivation to use the wallet should be:
• Stability;
• Safety of funds;
• Easy and understandable registration process;
• Availability on mobile devices;
• Worldwide accessibility;
• Opportunity to pay on different websites;
• Immediate payments;
• Multi-currency accounts
• 24/7 customers support.
Registration is the initial step and probably the most important step in process of attracting a new Client to a product. To make registration as painless and simple as possible, Codego attempts to capitalize on the on the waiver provided by the European regulatory regime.
Legal Background
European legislation has been adopted to protect the financial system and other vulnerable professions and activities from being misused for money laundering and financing of terrorism purposes. The primary European Union act that applies to the financial sector is the 3rd anti-Money Laundering Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. The Directive has been transposed to all EEA and UK legislation in form of Law on the Prevention of Laundering the Proceeds from Criminal Activity (Money Laundering) and of Terrorist Financing. The law specifies cases where simplified due diligence may be applied.
Simplified due diligence
Simplified due diligence may be applied to non-reloadable purses, accounts, and otherwise payment instruments in physical and digital form. Where electronic money purses cannot be recharged and the total purse limit does not exceed 500 EUR (verification of identity does not need to be undertaken. This takes into account the ability of individuals to purchase multiple purses and to, therefore accumulate a higher overall total of purchased value.
Those issuers that provide electronic money purses that can be recharged, whether card or purely server-based, are required to undertake verification of identity procedures only when the annual turnover limit of 2,500 EUR is exceeded or if the customer seeks to redeem (withdraw in cash) more than the 1,000 EUR annual allowance.
Where purses can both send and receive payments, such as, for example, in online account-based products that enable person -to- person payments, the 2,500 EUR turnover limit is applied separately to sending and receiving transactions. In other words, the turnover limit is calculated separately for credit and debit transactions, and the verification requirement is applied when either of the two is exceeded.
In respect of products benefitting from simplified due diligence, identity must be verified before cumulative turnover limits are exceeded. Systems must , therefore be in place to anticipate the approach of limits and to seek identification evidence in good time, before the annual turnover limits are reached. The customer’s account must be frozen if the limits are reached before verification of identity has been completed.


Verified user:
Verified user account allows users had passed full AML/KYC procedures and we fully know our customer and his personality
Verification process:
• Pass screening procedures in World Check and other services;
• Pass documents due-diligence procedure;
• Verify bank account with 1 EUR (USD) transaction;
• Pass address verification by receiving an envelope with secure 4 digits and 2 letters code
• Pass video biometric verification with device and mobile application becoming unique token authorization for users
Unlimited user:
Unlimited user refers to client rage who has active wallet during the last 6 months from the registration period. These users are not simply verified account holders but also clients that are active and we see their financial flows and understand income sources.
Unlimited user account status:
• Pass all verification procedures;
• Active account for the last 6 months;
• Added +1 family member of colleague with verified account;
• Active usage of IBAN account top-up and settlement method;
• For the users who operate with more than.

Customer KYC/AML profile:
This profile is used be the monitoring and risk department to have full access to customers’ profiles and data with the opportunity to open any day log file and investigate his activity or unusual behavior


After the first stage Codego should:
• Create a user profile;
• Tick the verified email or phone number;
• Check person in screening services for alerts;
• Activate the profile.
The second stage include additional verification to grant user right to operate with account:
• Add ID data;
• Add physical and declared address;
• Upload ID scan;
• Upload utility bill.
Completing this stage, Codego risk department should check the provided documents, run Checks and assign the first level of Codego e-wallet user account grade. User s based on this verification can:
• Transfer money;
• Pay for goods and services;
• Receive money;
• Withdraw money to his bank account.
There should also be assigned the appropriate monthly and annual limits.
7. MERCHANTS RISK MITIGATION PROCEDURE
Codego understands that the Risk Assessment starts during the Underwriting Stage. That is why merchant screenings are implemented in order to spot any potential threat to our business operations and to our reputation. Codego partners with world first class risk prevention and mitigation services and others to enhance the merchant checks by doing the following:
Merchant screening before boarding: a comprehensive background report is provided, which allows us to know who we’re dealing with before signing the contract. It also reduces the time needed to conduct due diligence of merchants;
Simple and regular Merchant monitoring: it provides automatic follow ups on our current merchants’ online activities;
Constant long-term protection: the software protects our reputation by reducing the risk of falling victim of fraudulent merchants.
Also during the underwriting stage, the merchant is provided with general and specific processing rules which serve as guidelines for the future partnership with Codego. Among other things, such rules aim to anticipate and reduce the threats associated to each type of merchant.
8. CARDHOLDERS RISK MITIGATION PROCEDURE
Codego identifies the money laundering and terrorist risks presented by:
• Geographic area of operation;
• Product;
• Customer;
• Delivery channel.
Cardholders are classified according to their risk level:
• Low Risk;
• Medium Risk;
• High Risk.
In determining a risk assessment for a cardholder, the presence of one factor that might indicate higher risk does not automatically establish that a customer is higher risk. Equally, the presence of one lower-risk factor should not automatically lead to a determination that a customer is lower risk.
9. POLITICALLY EXPOSED PERSONS (PEPS)
PEPs are defined as individuals who have been entrusted with a prominent public function outside of the EEA/UK. Codego will also extend the definition of a PEP to any immediate family member and/or close associate of the person mentioned above in order to comply with regulations, Codego ensure that all accounts relating to PEP’s must:
• Be approved by the MLRO;
• Be subject to enhanced due diligence;
• Codego consider s all transactions and any association with a PEP as high risk. Any transactions or requests from a PEP (or someone who you think is a PEP) must be signed by MLRO. Any PEP wishing to become Codego’s customer shall be asked to verify the source of their funds.
The definition of a PEP is set out below:
• Is or has, at any time in the preceding year, been entrusted with prominent public functions;
• Is an immediate family member of such a person;
• Is a known associate of such a person;
• Is or has, at any time in the preceding year, been entrusted with a prominent public function by:
o A state other than the European Community;
o The United Kingdom or
o An international body; or
• Is an immediate family member or a known close associate of a person referred to in the paragraph immediately above
It is a matter of company policy that all customers will be required to indicate whether they or any member of their family has previously worked in a non-EU country at any time in the preceding 12 months. In case the answer is yes, the cashier must make enquiries to establish whether the customer may meet the criteria for being ‘politically exposed’.
In cases where a PEP is identified:
• Senior management approval should always be sought before establishing a business relationship with a PEP;
• The source of funds should be established;
• The business relationship should be subject to enhanced monitoring.
10. SANCTIONS SCREENING
Sanctions are normally used by the international community for one or more of the following reasons:
• to encourage a change in the behaviour of a target country or regime;
• to apply pressure on a target country to comply with set objectives;
• as an enforcement tool when international peace and security has been threatened and diplomatic efforts have failed;
• to prevent and suppress the financing of terrorists and terrorist acts.
Financial sanctions are normally one element of a package of measures used to achieve one or more of the above. Financial sanctions measures can vary from comprehensive – prohibiting the transfer of funds to a sanctioned country and freezing the assets of a government, corporate entities and residents of the target country – to targeted asset freezes on individuals/entities.
Taking into consideration both EU and US regulations, Codego uses additional tools to check potential or actual Merchants against OFAC and non-OFAC sanction lists. It is essentially important for Codego not to establish any business activity with the companies (individuals) which are included in these lists
Before opening an account, and on an ongoing basis, Codego will check to ensure that a customer does not appear on the sanction list or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by EU, US and United Nations.
Codego checks every Merchant and their cardholder who implements transactions for large amounts against three existed Sanctions Lists: OFAC list, European Union Sanction List, United Nations 1267 List.
If Codego determines that a customer is on the one of sanctions list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by regulations, the company will reject the transaction and/or block the customer’s assets and file a blocked asset and/or rejected transaction.
Taking into account the cross-border business of Codego, it is very carefully processing its customers CDD, EDD, ongoing transaction monitoring and other activities to prevent possible violation of the ML/ TF and other limitations/restrictions.
As Codego will use automated screening program with ‘fuzzy matching’ logic and which is calibrated in accordance to Codego risk level, once the integrated screening lists (including OFAC SDN list) will be updated within the program, the screening process will be performed using the most recent lists immediately, but in any case, not later than within 1 week after the screening lists updated.
Customers with whom a business relationship is established would be screened against relevant notices published by:
• European Union sanctions (EU);
• Her Majesty’s Treasury Department – UK (HMT);
• OFAC.
If a positive match is discovered, the responsible employee must inform MLRO immediately. MLRO must investigate received information and if positive match, inform the responsible employee which must block the customer in operational system until consent is given to proceed or refuse. MLRO makes a disclosure to the relevant.
11 CUSTOMER DUE DILIGENCE
Codego applies Due diligence at the start of customer engagement by identifying and verifying the customer identity on the basis of documents, data or information obtained from a reliable and independent source
Codego conducts CDD both for natural customers, business customers, merchants and cardholder, as detailed below.
Codego identifies the Beneficial Owner of the Customer (in case of both, legal entities and individuals) and takes adequate measures, on a risk sensitive basis to verify his identity (including in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure).
Codego creates policies and procedures that relate to customer due diligence, ongoing Monitoring, suspicious reporting and record keeping.
If any suspicions are identified, then these should be raised to the MLRO for further investigation by completing the relevant internal Suspicious Activity Report (SAR) form.
The purpose of the Customer Due Diligence (CDD) process is to collect, process, verify and keep the information about Codego customers, due to minimize the possible and potential ML/TF risks. There are circumstances in which enhanced due diligence should be applied and others in which simplified due diligence may be appropriate:
• It should be recognized that certain situations present a greater risk of money laundering or terrorist financing. Although the identity and business profile of all customers should be established, there are cases in which particularly rigorous customer identification and verification procedures are required;
• Relationships with individuals who hold or who have held important public functions, within the Union or internationally, and particularly individuals from countries where corruption is widespread.
Customer identification:
For the purposes of further, Codego must identify its Customer unless the identity of that Customer is already known to, and has been verified by, the relevant person. After the Customer has been identified, Codego must verify the Customer’s identity unless the Customer’s identity has already been verified by the relevant person. Amount of information to be received from a Customer depends on whether the Customer is a legal entity or an individual (natural person), namely:
If a customer is a legal entity, at least the following information must be received for identification purposes: company name; registration number; address of the registered office (and, if different, its principal place of business); the law to which the legal person is subject; its constitution (whether set out in its articles of association or other governing documents); full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the legal entity.
If a customer is an individual (natural person), then at least the following information must be received for identification purposes: name and surname; personal identity number (if such exists); date of birth; photograph on an official document which confirms his/her identity; residential address; number and date of issue of the personal identification document, state and authority which has issued the document; period of validity of identification document.
Customers Who Refuse to Provide Information:
A risk-based approach lies in a very foundation of Codego AML program. The rule that Codego considers as one of the most important is Know your Customer in order to minimise all possible risks connected both with unknown identity of Natural Customers, Business Customers, Merchants as well as Cardholders, which can be caused by Lack of Verification and unusual merchants or Cardholders behaviour which could be detected during ongoing transactions monitoring.
In a case when a potential Merchant refuses to provide the required information, Codego doesn’t establish any business relationship with such kind of merchant and doesn’t take it on board. If Codego reveals the fact that a Cardholder who implements large amount transaction doesn’t want to provide the information needed for establishing his/her identity Codego doesn’t approve this transaction and further transactions made by this Cardholder unless he provides all required documents.
Customers – Insufficient or Suspicious Information:
• Provides unusual or suspicious identification documents that cannot be readily verified;
• Reluctant to provide complete information about nature and purpose of business;
• Background is questionable or differs from expectations based on business activities;
• Customer with no discernible reason for using the firm’s service.
Codego scrutinizes transaction flow throughout the course of any business relationship to ensure consistency with the knowledge of customers, their business and risk profile. The MLRO conducts ongoing monitoring of all high-risk activity, including customers who regularly implement transactions for large amounts.
List of Acceptable Identification:
• Current passport.
• Current National Identity Card.
• Current EU/UK Residence Permit (Issued by the Home Office).
• Current full EU/UK photocard driving licence (provisional licences are acceptable for U18s only).
• Current full EU/UK driving licence (old style paper version).
List of Acceptable Address Verification:
• Utility bill (dated within last 3 months).
• Bank, Building Society, Credit Union statement – showing current activity (dated within last 6 months). Certain conditions may apply for overseas financial providers.
Non-EU/UK Residents:
Due to new legislation, Non EU/UK residents must always present their Passport or National Identity card when applying for an account.
11.1 SIMPLIFIED DUE DILIGENCE (SDD)
Simplified due diligence means – not having to identify the customer, or to verify the customer’s identity, or, where relevant, that of a beneficial owner, nor having to obtain information on the purpose or intended nature of the business relationship.
It is, however, still necessary to conduct on-going monitoring of the business relationship. Codego must have reasonable grounds for believing that the customer, transaction or product relating to such transaction falls within one of the categories set out and may have to demonstrate this to their supervisory authority.
Clearly, for operating purposes, Codego will nevertheless need to maintain a base of information about the customer. Codego may apply a ‘lighter touch’ in terms of the extent of CDD undertaken.
Also, mandatory would be applied under SDD, sanctions and PEP’s screening procedure to ensure that companies’ customers are not listed before getting into relationships.
Customers without full KYC documentation on file are limited to:
• no more than 250.00 EUR for a single transaction;
• no more than 1,000.00 EUR in a 12-month period;
• no more than 2 approved transactions in 6 months.
The limits above apply to the Customer, regardless of number of cards used.
Customers with full KYC documentation on file and approved by Codego Risk and Compliance Department:
• Transaction amounts less than an agreed- upon threshold will be Captured Automatically;
• Transaction amounts in excess of an agreed- upon threshold will be placed in a queue for approval by the Codego Risk and Compliance Department.
Codego only accepts transactions for Countries that are not considered high- risk jurisdictions by FATF and OFAC.
11.2 ENCHANCED DUE DILIGENCE (EDD)
Codego’s Enhanced Due Diligence (EDD) policy is designed to obtain as much information as possible in order to ensure the validity of the transaction and that Codego complies with ML Regulation (2007), POCA (2002), Terrorism Act (2000) and the EU Money Laundering Directives. In practical terms, EDD will include:
• taking reasonable measures to establish a customer’s source of wealth – source of wealth is distinct from source of funds, and describes the activities that have generated the total net worth of a person, i.e. those activities that have generated a customer’s income and property;
• considering whether it is appropriate to take measures to verify source of funds and wealth from either the customer or independent sources (such as the Internet, public or commercially available databases);
• obtaining further CDD information (identification information and relationship information);
• taking additional steps to verify the CDD information obtained;
• commissioning due diligence reports from independent experts to confirm the veracity of CDD information held;
• requiring more frequent reviews of business relationships (twice per year);
• carrying out stricter monitoring of transactions and setting lower transaction thresholds for transactions connected with the business relationship, and;
• setting alert thresholds for automated monitoring at a lower threshold for PEPs.
Customers subject to EDD are required to provide a written confirmation regarding the legal origin of funds. Failure to provide such may result in a transaction being held.
The degree of EDD must be determined by MLRO on a case-by-case basis.
11.3 BUSINESS CUSTOMERS/MERCHANTS FULL DUE DILIGENCE (FDD)
It is important for Codego’s AML program to obtain sufficient information about each Business Customer/Merchant that allows the evaluate the risk presented by that customer and to detect suspicious activity.
Business Customer/Merchant Due Diligence of a risk- sensitive bas is depending on the type of client, business relationship, or services to be provided is the foundation of Codego Data AML compliance program. Merchant Due Diligence provides the firm with a baseline for evaluating customer transactions to determine whether the transactions are suspicious and need to be reported.
The main goals of MDD for Codego are:
• Be satisfied that Business Customer/Merchants are who they say they are;
• Understand whether its customers are acting on behalf of others and the identity of any beneficial owner(s);
• Understand its customers’ circumstances to guard against their being used for fraud, money laundering or other criminal activity.
Steps of Business Customer/Merchant Due Diligence:
• Obtaining information to identify the Business Customer/Merchant(s);
• Verifying the Business Customer/Merchant and/or beneficial owner(s) identification information;
• Collecting KYC optional documents;
• Conducting Business Customer/Merchants screening.
Obtaining information to identify the Business Customer/Merchant(s):
Codego follows procedures to identify all Business Customers /Merchants that the company has relationships with. During underwriting stage, Codego requires all the documents needed for the Business Customer/Merchant identification. Business Customer/Merchant boarding and application process starts with completing merchant’s KYC. Our document requirements comply and often surpass the standard requirements:
• Codego forms;
• Corporate documents:
o Certificate of incorporation;
o Incorporation documents showing directors and shareholders (not only company representatives, we perform full UBO identification, in case of more complex structures, we collect information about all owning companies)
• Passport/national ID(s) of directors and shareholders owning more than 2% company shares (we do accept companies created with hosts);
• Bank statements as a proof of accomplished bank’s verification procedures (recent 3-6 months);
• Processing statements (recent 3-6 months);
• Company utility bills;
• Re-presentment files;
• Domain ownership.
Forms:
• Pre-application form – containing basic information, useful while presenting a merchant;
• Preliminary scan form – a substitution (along with forecast) for the pre-application. Contains basic company data required to start automated reputational checks;
Verifying the Business Customer/Merchant and/or beneficial owner(s) identification information:
• In some cases, the Business Customer/Merchant’s information is obtained directly from the customer. In other situations, the information is obtained from other sources. Irrespective of how or where the identification information is obtained, a determination must be made whether the information also needs to be verified.
Irregularities in the above documentations may be indicators for suspicion, leading Underwriters and Risk staffs to do additional research.
Before onboarding process, Codego estimate all risks connected with:
• Business Customer/Merchant’s actual or anticipated business activity;
• Business Customer/Merchant’s ownership structure;
• Anticipated or actual volume and types of transactions;
• Transactions involving high-risk jurisdictions.
KYB Optional Documents
For some specific merchant applications (related to higher risk or for merchants providing services that may be regulated by some authorities) we might request some more specific documents:
• Resume or CV(s) of directors and owners and detailed business plans with 6-month prognosis (if processing history not available);
• Annual tax documents (for company and director or shareholder);
• Business / operating licenses and permits;
• Legal opinions – in case of any doubts about the Merchant’s business if it is legal in the incorporation country;
• Certificate of Good Standing issued by competent authorities (issued for example by states secretaries);
• List of businesses that Company principals and/or beneficial owners own(ed)/operated) or have been involved in the past 5 years (statement).
Apart from additional documents in some cases collaterals could be implemented and have to be properly calculated (for example in case of long breaks between payment and fulfilment, i.e. Travel agencies).
Conducting Business Customer/Merchants screening
• Codego understands that the Risk Assessment starts during the Underwriting Stage. That is why merchant screenings are implemented in order to spot any potential threat to our business operations and to our reputation;
• Reputation should be handled in two ways – manual and automatic/semi-automatic. For manual checks the key tool is the web search engine (i.e. Google, Bing, Yahoo) along with some more specific tools like who.is (for domain information), robtex.com (for domain and IP related checks) and alexa.com (to estimate the website traffic);
• During manual check some key data like Business Customer/Merchant name, directors’ names, URL address and related phones, emails and addresses should be checked along with phrases that may occur in regard to the business model (i.e. crime, scam, review) to narrow search results to the results really interesting in terms of international investigation (i.e. if merchant’s director is a felon or a convict or known fraudster);
• Generally, in case of suspicious Business Customer/merchants usually director’s full name or merchant’s company name should return some results that will give the initial information to follow up or reject application at the early stage, however that is not a rule and sometimes the important results are found in most unexpected places.
Website Compliance Check
• Codego implements checks of Business Customer/Merchant websites that must comply to the following requirements. Every website that is about to be used for ecommerce processing must comply to the specific requirements regulated by card schemes (Visa/MC):
• Clear posting of the Refund and Return Policy;
• Clear Privacy Policy;
• Clear statement on website regarding security controls used to protect customers;
• Clear posting of the Terms and Conditions;
• Clear posting of the customer service telephone number and email address;
• Clear posting of delivery methods and delivery times (if applicable);
• Clear posting of the company legal name and corporate address;
• Clear posting of the billing descriptor on the payment page;
• Card Schemes logos visible on the payment page.
Contact information and customer support are always verified by performing test calls/emails.
Automated Checks
Parallel to manual screening we are also executing external tools provided by 3rd party companies, i.e.
To run that automated screening Codego requires completed preliminary scan form, that contains following data:
• Company name, registration number and address;
• Director’s name, passport number and email address;
• UBO’s (Ultimate Beneficial Owner) name, passport number and email address;
• Merchants bank details;
• Website address.
11.4 REGULAR CUSTOMERS/CARDHOLDERS FULL DUE DILIGENCE
Codego follows reasonable procedures to verify and identify customers/cardholders who makes transactions for large amounts (customers/cardholder due diligence). Such procedure of identification and verification of customers/cardholders based on information the firm collects from the customers/ cardholder and then this information is verified.
Codego risk department, first of all, collects certain customer identification information from each customer who implements transaction for large amount, secondly, utilizes risk-based measures to verify the identity of every customers/cardholders who implements transaction for large amount, thirdly, records customer identification information and the verification methods and results, finally, using gathered information about the cardholder, risk department makes cardholder screening against OFAC and other sanction lists.
CDD process steps:
For all customers CDD must be completed prior enter into the relationship and it is necessary to complete the steps as follows:
• Perform identification and verification – identify and where required verify the identity of the prospective customer and related parties;
• Screen all customers and related parties against the EU list, HM Treasury sanctions list, and OFAC SDN list, UN list;
• Screen all customers and related parties to determine if there are any PEPs associated with the customer, by using public, trustable and opened information source;
• Determine customer risk rating;
• Complete EDD as required by the risk rating,
Minimum information to create customer’s file
Natural persons:
• Name, surname;
• Original and current identification evidencing nationality or residence and bearing a photograph or similar safeguard, such a passport, national identification card or alien identification card with date of birth and place of birth;
• Living address and postal code;
• Officially certified copies of the above documents;
• Disclaimer/questionnaire for the origin of funds not being derived from the proceeds of crime.
Legal entities:
• Company’ name;
• Beneficial owner name;
• Ownership memorandum, article of association etc.;
• Legal and physical address;
• Other relevant documentation such as company’s activity details, expected turnover or expected etc.;
• Officially certified copies of the above documents;
• Expected type and volume of transaction;
• Main counterparties and countries;
• Disclaimer/questionnaire for the origin of funds not being derived from the proceeds of crime.
Codego requirements for the customers/cardholders who exceed certain thresholds include following documents:
• A signed Authorization Form (form must be as provided by Codego or approved by the Risk and Compliance Department if furnished by the Merchant);
• A copy of a valid government issued ID with photo;
• A copy of a recent utility bill or a bank statement displaying the home address as stated in the Authorization Form.
In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth allows us to determine that we have a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
Appropriate documents for verifying the identity of customers include the following:
• For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; and
• For a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.
12 ONGOING TRANSACTIONS MONITORING REVIEW
Codego pays special attention to ongoing monitoring of transactions, customers behaviours in order to prevent all the possibilities of fraud and money laundering appearance. The company monitors client’s’ instructions and transactions to ensure that they are consistent with those anticipated, that possible grounds to suspect money laundering will be noticed and scrutinized, and that changes requiring a re-assessment of money laundering risk will be acted upon
Possible risks associated with customer behaviour:
• Risks posed by regular customer;
• Risks posed by business customer or merchant;
• Geography risks.
Following possible risks can be connected with Customer who uses payment cards:
• Cardholder uses a stolen card or account number to fraudulently purchase goods/services online;
• Uncharacteristic transactions which are not in keeping with the customer’s known activities;
• Family member uses payment card to order goods/services online, but has not been authorized to do so;
• Cardholder falsely claims that he or she did not receive a shipment.
Risks posed by business customers or merchant:
• Unscrupulous merchant employee steals cardholder data and fraudulently uses or sells it for unauthorized use or identity theft purposes;
• Selling illegal or defective products (brand piracy, child pornography, prescription narcotics);
• Circumventing blacklisting by the Merchant Category Code. Especially in the credit card industry this is referred to as “miscoding”.
Geography Risks:
• High-Risk IP addresses;
• Peaks of activity at particular locations;
• Multiple cards used from a single IP (Internet Protocol) address;
• Multiple payments done from one location.
13 FRAUD MITIGATION MEASURES
Codego implements fraud-screening tools to identify high-risk transactions. Codego makes check of high-risk Customers and Business Customers addresses. It helps the company to reduce fraud by comparing the addresses given by the Customers or Business Customers to high-risk addresses in Codego own negative files. Codego pays special attention to high-risk locations such as mail drops, prisons, hospitals, and addresses with known fraudulent activity.
Codego establishes velocity limits and controls. Every Business Customers has its own limits per every payment (as max permitted transactions per day, week and month along with permitted transactions amount).
14 STAFF TRAINING AND AWARENESS
The Regulations requires all financial institution ensure that all employees are aware of the policies and procedures that have been put in place to prevent the company from being sued for money laundering or terrorist financing purposes. Each company must also take steps to ensure that all employees are aware of the requirements and their own obligations.
The AML Guidelines will be given to all employees to meet the foregoing requirement. The AML Guidelines with its more detailed provisions will be given to employees having dealings with or other contact with Merchants and Cardholders to further support this obligation.
Non-compliance with the AML Guidelines may result in disciplinary actions. Before a decision with regard to disciplinary action is taken, the seriousness and merits of each case shall be appraised by the Management.
Codego will develop ongoing employee training under the leadership of the Money Laundering Reporting Officer, Head of Risk and Compliance department and senior management. The training will occur on at least an annual basis. It is important, as part of ongoing staff training, to make staff aware of changing behaviour and practices amongst money launderers and those financing terrorisms.
Staff training on anti-money laundering and counter terrorist financial will be carried out annually for all staff members, and details will be recorded and stored in the company achieve.
One of Codego’s key controls in mitigating the threat of being used for money laundering is having staff that is aware of and alert to the threat. All staff, whether on a full-time, part-time or contract basis, are made aware of our anti-money laundering policy, manual and the obligations arising from them for both themselves and Codego provides training on anti-money laundering.
These training comprising two key elements:
• Induction Training – The MLRO is responsible for identifying relevant new staff that are required to undertake induction training within 45 days after requirement. The training is provided by the MLRO or the MLRO will engage external AML Advisors and is face to face training. The content of the training includes awareness training, covering Money Laundering and Terrorist Financing. Understanding of the subject matter is assessed throughout the training through case studies. Until a new member of staff has been signed off as competent no direct customer contact is allowed;
• Refresher Training – all relevant staff must undertake face to face refresher training on annual basis. The training is provided by the MLRO or the MLRO will engage AML Advisors and assessment of staff understanding is carried out throughout the training.
Codego will obtain acknowledgement from staff that they have received the necessary training by requesting staff to sign their attendance at training sessions. Overall monitoring of attendance is recorded manually and stored on the AML file. Certificate will be provided to each participant on successful completion.
15 PROHIBITIONS ON CUSTOMER RELATIONSHIPS
Codego, in considering money laundering risks, regulations and guidance, decided that certain types of relationships are unacceptable:
• shell banks;
• individuals or entities that are on relevant sanctions lists issued by countries in compliance with UN resolutions or to which countries have applied sanctions unilaterally (EU, UK, US and others);
• individuals or entity whose identity cannot be verified or
• who refuses to provide the information required to verify identity or required for account opening purposes; or;
• who has provided information that contains inconsistencies that cannot be resolved after further investigation;
• Where there is suspicion or evidence of found, money laundering or other criminal activity or involvement;
• If falsified documentation or information is detected during the account opening/relationship establishment process;
• Individuals, entities and organisations sanctioned by UN, EU, HM Treasury list or OFAC;
• An account using a pseudonym or number rather than the actual name of the customer;
• Anonymous ownership entity accounts, where the ownership of the entity cannot be determined because the entity has a form or structure that prevents an account accurate identification of the Beneficial Owners;
• Unlicensed financial institutions, including unlicensed currency exchange houses and money transmitters, and
• Persons involved in unlawful internet gaming business;
• Customers – merchants whose business Merchant Category Code (MCC) is included into the International Card Organisations prohibition list.
16 SUSPICIOUS ACTIVITY REPORTING
The Proceeds of Crime Act 2002 (POCA) requires (amongst other things) that when in the course of business, a member of staff of Codego comes across what is described as Suspicious Activity it should be reported in the first instance to the MLRO.
There is no definitive list of what constitutes suspicious activity, however, if the principles of KYC are rigorously applied, then in the course of conducting business with the client, sufficient information should be available, to make a judgment about what constitutes suspicious activity in each case.
When suspicious activity is suspected, the following procedures will be followed:
• The person suspecting should immediately make a written report or e-mail to the MLRO If urgent, telephone first, then follow up with a written report;
• No discussion with other members of staff should take place. A record of the date and time of the report should be recorded;
• Acknowledgement of the receipt of the report should be obtained from the MLRO. This can be done via a receipt email from the MLRO;
• New suspicion of the same client means a new report must be made;
• Failure to report knowledge or suspicions of laundering of the proceeds of crime is a Maximum Five years imprisonment and/or an unlimited fine.
Tipping off
It is an offence to make a disclosure which is likely to prejudice any investigation which might be conducted following the making of a Suspicious Activity Report Maximum 2 years imprisonment/or an unlimited fine.
Money Laundering
It is an offence to conceal, disguise, convert, transfer or remove criminal property from the Europe and United Kingdom. Maximum Fourteen years imprisonment and/or an unlimited fine:
• It is an offence to enter into or become concerned in an arrangement which he knows or suspects facilitates the acquisition retention use or control of criminal property by or on behalf of another;
• Maximum Fourteen years imprisonment and/or an unlimited fine;
• It is an offence to acquire use or have possession of criminal property;
• Maximum Fourteen years imprisonment and/or an unlimited fine.
If in doubt report your suspicion to MLRO, you have then complied with your obligation.
All contact with Law Enforcement Agencies will be handled by the MLRO.
The MLRO is responsible for providing information and updates to the legislation as and when they occur
Codego consider s any failure to comply with any of the relevant legal or regulatory requirements by any member of staff to be gross misconduct and will lead to immediate dismissal of that member of staff.
• High Risk Customers: twice a year;
• Medium – and low-risk customers: Once a year.
Codego employees could face prosecution if it is proven that nobody did make a report to our own MLRO, even though one had reasonable grounds for suspicion. Codego has made a SAR template (see Annex 1) available to staff, all reports must be made using this template to ensure consistency.
From the moment, a suspicion of money laundering arises no further work will be carried out on the matter that gave rise to the suspicion. Neither commercial considerations nor the difficulty in responding to the client’s enquiries on the matter shall be permitted to take precedence over Codego ‘ s legal obligations in this regard.
In such circumstances, the MLRO shall act with all possible speed to enable work to continue, and assist staff in any communications with the client affected.
As soon as a member of staff forms or becomes aware of a suspicion of money laundering, no further work is to be done on the matter giving rise to suspicion. If there is any likelihood of the client becoming aware that work has stopped, for example because an anticipated transaction has not gone through, the member of staff concerned must contact the MLRO for instructions on how to handle the matter with the client.
On receipt of a suspicion report, the MLRO shall:
• instruct the originator of the report and any other staff involved to cease work on the matter , giving rise to suspicion;
• decide in the shortest possible time whether all work for the client concerned should be stopped or whether other work that is not the cause of suspicion may continue, and advise relevant staff accordingly;
• assist all affected staff in handling the matter with the client so that no tipping- off offence is committed;
• When work for a client has been stopped, the MLRO shall carry out the evaluation of the suspicion report as quickly as possible to decide whether a disclosure must be made to the authorities;
• If the MLRO decides that there are no reasonable grounds to suspect money laundering, he will give consent for work to continue on his own authority.
• If the MLRO decides that a disclosure must be made, he will request consent to continue from NCA as quickly as possible.
• On giving consent to continue, either on his own authority or on receipt of notice of consent or implied consent from NCA, the MLRO will confirm this in writing to the affected staff.
• If consent is refused by NCA, the MLRO will take advice from NCA.
It is important that all employees and management are properly trained and remain vigilant of potential money laundering. The report should be made as soon as reasonably possible – this should normally be within the first 24 hours after discovery.
17 RECORD KEEPING
Entities have to retain the following documents and information in accordance with national law for the purpose of preventing, detecting and investigating, by competent authorities, possible money laundering or terrorist financing:
• In the case of customer due diligence, a copy of the documents and information which are necessary to comply with the customer due diligence requirements for a period of five years after the end of the business relationship with their customer or after the date of an occasional transaction;
• The supporting evidence and records of transactions, consisting of the original documents or copies admissible in judicial proceedings under the applicable national law, are necessary to identify transactions for a period of five years after the end of a business relationship with their customer or after the date of an occasional transaction.
CDD and transaction records
We will store records of all transactions for 5 years from the conclusion of the transaction on behalf of our customers or the end of the relationship. The records we must keep are:
• Copies of or references to the evidence of the customer’s ID obtained under our CDD requirements; and
• The supporting evidence and records in respect of the business relationships and occasional transactions, which are subject of CDD or ongoing monitoring.
All records of CDD documentation are scanned and upload into our operational system linked in the customer’s unique reference number.
Internal and External SAR records
As previously indicated, all internal reports will be kept on the SAR file as opposed to the customer file. The report will be kept for 5 (five) years. In addition to this, all SAR submitted, including correspondence with FCA or HMRC, will be kept for unlimited period of time.
Training records
The company maintains records of all AML training undertaken by staff, the date it was provided and the results of any tests if applicable. These records will be kept for 5 (five) years following the end of employment with the company.
Internal procedures, training and feedback
Entities have to implement group-wide policies and procedures, including data protection policies and policies and procedures for sharing information within the group for AML/CFT purposes. Those policies and procedures shall be implemented effectively at the level of branches and majority-owned subsidiaries in Member States and third countries.
Member States shall require that obliged entities that operate establishments in another Member State ensure that those establishments respect the national provisions of that other Member State transposing this Directive.
Audit results
All audit results must be kept for 5 (five) years following the date of the Board of Directors approval of them.
AML program audit and testing
To provide reasonable assurance that Codego AML program is functioning effectively, Codego conducts an audit of its AML program. an audit is conducting the on regular bases, at least every 12-18 months, if ML Risk assessment results will be rated as moderate, high or severe and every 18-24 months is the results will be rated as law and intermediate.
The main actions of the audit will cover:
• Examination of AML processes compliance with applicable Laws and regulation;
• Customer files review;
• Incoming/outgoing transactions review;
• Examination of representative documents to determine whether customer identification and verification procedures are being followed;
• Whether CDD and EDD are being properly applied;
• Whether the suspicious activity is being properly alerted investigated, escalated and reported;
• Whether severance of a customer relationship;
• Merchants including process into International Card Organizations blacklists (VMAS/MATCH) and scoring systems;
• Reporting process to International Card Organizations;
• Whether complaints process was initiated by the customer etc.
The audit results must be reported and an appropriate action plan must be established and presented directly to the Board of Directors.
Terms and Conditions for provision of SEPA payment accounts
1. General provisions
The present Agreement is concluded between Codego and the Client.
1.1 Object of the Agreement:
The present Agreement determines the main terms and conditions between the Client and Codego when the Client opens an Account at Codego by registering in its System and uses other services provided by Codego. Conditions of separate services provided by Codego are set under the Supplements to the Agreement, other agreements and rules which are an integral part of the present Agreement.
These conditions apply to the Client after the Client becomes acquainted with the terms of the agreement and starts using the respective services. In addition to the present Agreement, the relationship between Codego and the Client related to provision of Services is also governed by legal acts applicable to the Client, agreements concluded with the Client, other agreements, rules and principles of reasonableness, justice, and fairness.
Codego shall keep under secrecy any data that have become known to it from its relations with the Client, included data about the Client, their Account, and payment transactions (hereinafter the Client’s data subject to banking secrecy) for an unspecified term. Codego may disclose the Client’s data subject to banking secrecy to a third party if it arises from the legislation or from the general terms and conditions of Codego.
1.2 Definitions:
Agreement: means the Agreement between the Client and Codego, which includes the present Terms and conditions for provision of payment Accounts for business clients, and any other conditions and documents (supplements, agreements, rules, declarations, etc.).
Business Day: means a day when Codego provides its services, set by Codego. Codego can set different business days for different services.
Client / Customer: means a legal person or a natural person who has concluded the Agreement on Codego services.
Client’s Representative: means the executive manager of the Client, or the Client’s other representative, who is authorized to represent the Client in cooperation with Codego under legal acts and/or activity documents of the legal person.
Client Identification: means verification of the identity of the Client and/or their beneficial owners under the procedure laid down in the System.
Commission Fee: means a fee charged by Codego for a Payment Transaction and/or related services.
Consent: means consent of the Payer to perform a Payment Transaction submitted under the procedure set forth by Article 8 of the Agreement.
Electronic Money: means the Client’s money charged or transferred to and held in a Codego Account, designated for Payment Transactions via the System.
Party: means Codego or the Client.
Password (Passwords): means any code created by the Client in the system, a code created by the Client and used for Strong Client Authentication, or a code provided to the Client for access to the Profile and/or the Codego Account, or for the initiation, confirmation, and management of separate services of Codego, and/or initiation, authorization, implementation, confirmation, and reception of a Payment Transaction.
Payment Transfer: means a payment transaction wherein funds are transferred to a payment account of the Recipient under the initiative of the Payer.
Payment Order: means an order (payment transfer) from the Payer or the Recipient to the Provider of Payment Services to execute a Payment Transaction.
Payment Transaction: means a money transfer or cash-in/out operation initiated by the Payer, in the Payer’s name, or by the Recipient.
Payment Service: means services, during the provision of which conditions to deposit to and withdraw cash from the payment account are created, as well as all transactions related to the management of the payment account; payment transactions, including transfer of money held on the payment account opened in Codego of the payment service provider of the User of payment services, or in another payment institution; payment transactions when money is given to the User of payment services under a credit line: payment transactions using a payment card or a similar instrument and/or credit transfers, including periodic transfers; issuance and/or acceptance of payment instruments; money remittances; payment initiation services; account information services.
Payment Instrument: means any payment instrument which the System allows to link to the Codego Account and use it to perform Payment Transfers.
Payer: means a natural (private) or legal person, or other organization or its branch, that has a payment account and allows to execute a payment order from this account, or, in the absence of a payment account, submits a Payment Order.
Codego Account or Account: means an account opened in the System in the name of the Client and used to make payments and other Payment Transactions. An Account is opened only upon identification of the Client.
Codego Application (also mentioned below as “System” or “App”): means a mobile/software application for Codego account management, installed on mobile devices and used for the provision of Codego services.
Personal Data: means any information related to the natural (private) person whose identity is known or can be directly or indirectly determined by using a personal code (national ID number) and one or more physical, physiological, psychological, economic, cultural, or social features specific to the individual.
Pricing: means prices for Codego services and transactions confirmed by Codego in accordance with the established regulations.
Profile: means the result of registration in the computer system, during which personal data of the registered person is saved, a login name is created, and their rights in the system are defined.
Recipient: means a natural or legal person, or another organization or its branch, specified in the Payment Order as a recipient of the funds of the Payment transaction.
SEPA Mandate: means the specific form of Mandate required to be used in order to effect Credit or Direct Debits in SEPA.
Services: means the service of issuance and redemption of electronic money and other services provided by Codego included providing IBAN accounts, the possibility of making SEPA and direct debit transfers ; a payment service provided by Codego, also any other service provided by Codego.
Strong Client Authentication: means the procedure of verification of the identity of a natural or legal person based on the use of two or more elements categorized as knowledge (e.g. static password, code, personal identification number), possession (e.g. token, smart card, mobile phone) and inherence (e.g. biometric characteristics, such as a fingerprint). This procedure is applied when the Client is logging in to their payment account online or through other means of remote access, initiates an electronic payment transaction and, through the means of remote access, carries out any action that might be related to the risk of fraud in carrying out a payment or any other types of misuse.
Unique Identifier: means a combination of letters, numbers, or symbols which Codego, as a provider of payment services, provides to the User of payments services, and which is used to identify the User of payment services participating in the Payment Transaction, and/or the account of the User used in the Payment Transaction.
1.3 Registration in the System:
To start using Codego Services, the Client has to register in the System. The use of the Codego Application is described in the Terms of Use available in the system. Codego has the right to refuse to register the new Client without indicating the reasons, however, Codego assures that the refusal to register will always be based on significant reasons which Codego does not have to or does not have the right to reveal.
The Account for the Client can be opened by the Client’s Representative. By registering the Client in the System, the Client’s Representative confirms that they are duly elected or appointed to represent the Client, also that the legal entity represented by them is properly established and operates lawfully. The Client’s Representative must provide the documents specified in the System in order to be duly verified under the procedures laid down in the System.
If the onboarding procedure is successfully completed and Codego is satisfied with the identification and verification of the identity of the Customer concerned, the Bank shall confirm the acceptance of the Customer, Codego shall confirm the Customer’s acceptance and the contractual relationship between the Customer and Codego shall take effect in accordance with these General Terms and Conditions.
The Agreement comes into force after the client’s Representative has registered the Client in the System, learned the terms and conditions of the present Agreement and every related document, and electronically expressed their consent to comply with them. The Agreement is valid for an unlimited period of time.
By registering in the System, the Client confirms that they agree to the terms of the Agreement and undertakes to observe them. The Client confirms that they have provided the correct data when registering in the System and, if there is a need to change or add data, the Client will submit correct data only. The Client shall bear any losses that may occur due to the submission of invalid data.
In order for Codego to start or continue the provision of Services, the Client and/or the Client’s Representative shall confirm the profile, the provision of a new Service or a part of a Service and perform the Client identification procedure under the circumstances and procedures set out in the Agreement or in the System. The Client identification procedure, confirmation of the Profile, and provision of new Services is performed in order to ensure the protection of the interests of the Client and Codego.
Codego has the right to demand data and/or documents that would help Codego identify the Client and/or receive significant information necessary for proper provision of Codego Services to the Client. Specific data and/or documents to be submitted shall be indicated in the message to the Client about the necessity to perform Client identification or other verification procedures.
For the purpose of performing Client identification, Codego has the right demand the Client to perform the following actions:
– Provide originals of the documents required by Codego and/or their copies of documents approved by a notary, or another person authorized by the state.
– Codego, in performing the obligation to identify the beneficiary, has the right to require the Client to submit a valid list of participants of their legal entity. When submitting this list, the Client must confirm that it is relevant and accurate and that the listed persons control the shares of the legal person in their own name and not in the name of third parties. If the shares of the legal entity are controlled in the name of third persons, the Client must indicate these circumstances in addition, also specifying the third parties who are managing the shares. Codego has the right to refuse to provide Services if it turns out that it is not possible to identify the beneficiaries of the legal entity.
The Parties agree that the Client can confirm -or sign- documents (e.g., agreements, consents, etc.) by electronic means.
• Codego has the right to demand additional information and/or documents related to the Client or transactions executed by them and has the right to suspend a transaction of the Client until the Client provides additional information and/or documents related to the suspended transaction. Codego has also the right to request the Client to fill in and periodically update the Client’s questionnaire. If the Client does not provide additional information and/or documents within a reasonable time period set by Codego, Codego has the right to suspend the provision of all or a part of the Services to the Client.
2 How the Payment Account works
In the event of acceptance of the opening of the Payment Account, an email of confirmation will be sent by Codego to the Client. The payment account number (IBAN number) opened in the name of the Client is available in its Personal Area.
The Client can then send funds to their Payment Account, via SEPA transfer, by a first incoming transfer from an account opened in their name with a payment service provider located in the European Union, the European Area or a third countries imposing equivalent obligations in the fight against money laundering and the financing of terrorism. Notwithstanding the foregoing, the Client may not make any Payment Transactions until Codego has proceeded activation of all Services.
The Client can manage the Account via the Internet by logging in to the personal Profile of the Client with the login and password and carrying out additional authentication (Strong Customer Authentication).
2.1 Designation of Users
The opening of the Account is made through the Owner who has the rights to represent and engage the Client. The Owner may be a corporate officer or a natural person other than the corporate officer expressly mandated by the Client. In the event of loss by the Owner of his/her rights to the Account (for example, change of the corporate officer or revocation of the Power of attorney of the authorized person), the Client undertakes to inform Codego without delay. In the absence of notification or in the event of late notification, the liability of Codego cannot be engaged.
Moreover, the Client may give Power of attorney to Administrators or Members authorized to use the Services on their behalf and for their account, and under their entire responsibility. The Power of attorney form is available in the Personal Area of the Account’s Owner or Administrator. The power of attorney will only take effect upon receipt by Codego of the duly completed form and the required supporting documents. The power of attorney ceases automatically upon the death of the Owner or the Administrator who has issued it. The power of attorney may be revoked by the Client at any time by informing Codego through their Personal Area without undue delay. If the notification is not made or is made late, the Power of attorney remains valid and Codego cannot be held liable. The Client expressly discloses the obligation of professional secrecy relating to the Payment Account data in respect of Users.
The Client determines for each User the scope of the rights he/she has on the Payment Account. Each User is assigned Personalized Security Data of his/her own, in order to access his/her Personal Area. The Personal Area of each User is personalized according to the rights granted to him/her by the Client. The different Users profiles are: Owner, Administrator, and Member.
2.2 Personalized security data
The Client must take all reasonable steps to maintain the confidentiality and security of its Personalized Security Data. It also undertakes to make users aware of the preservation of the confidentiality and security of their own personalized security data.
The Client (and each User) undertakes not to communicate their Personalized Security Data to third parties. Exceptionally, the Client may communicate them to an Access.
Service Provider for the purpose of providing the account information service or the payment initiation service. In this case, and having expressly consented to access their Account, the Client must ensure that the said Provider is approved or registered for the aforementioned services, and that they enter their Personalized Security Data in a secure environment.
Codego reserves the right to refuse access to the Payment Account to such a Provider if it suspects that access to the Account is not authorized or fraudulent. Codego will inform the Client by any means of the refusal of access to the Payment Account and the reasons for such refusal, unless this information is not available for objectively justified security reasons or under a relevant provision of national or European Union regulation.
2.3 Statements
The Client is informed by Codego of any provision of information on a durable medium within the meaning of the law and case law. Codego provides the Client with a statement of the Payment Transactions on their Account. This statement is available in their Personal Area.
The Client undertakes to check the contents of the Statement of Operations and to keep it for a minimum of five (5) years. The statement is a legal record of all Payment Transactions made on the Payment Account.
2.4 Balance of the payment account
As the Client’s Payment Account balance cannot be in any way negative, the Client undertakes to maintain a sufficient balance on their Payment Account to ensure the execution of the Payment Transactions. In the case of an insufficient balance, Codego shall reject the Transactions concerned.
Exceptionally, and without any obligation of payment facility, Codego may be required to pay one or more Transactions, the amount of which would be greater than the balance of the Client’s Payment Account (in particular in the case of an Operation by card without prior authorization, or issuance of unpaid card or a direct debit).
In this situation, the Client undertakes to send funds to their Payment Account without delay in order to restore a positive or zero balance. In case of non-compliance with these obligations, Codego reserves the right to suspend or close the Payment Account and to use all means to recover the amounts due.
2.5 Inactive account
The Client’s Payment Account is considered inactive when, after a period of twelve (12) months, it has not been the subject of any transaction (excluding management fees) on the initiative of the Client (or any User) and that the latter has not made any representations to Codego in any form whatsoever.
When the Account is considered inactive, Codego informs the Client by any means. In the absence of a response from the Client or any new transaction on the Account and in the case where the balance is positive, the Account will be closed at the end of a period of ten (10) years from the last transaction on the account. The Client will be informed by any means six (6) months before the effective closing of the Account.
The balance will be deposited with the authorized Institution and the sums may be claimed by the Client or his beneficiaries for twenty (20) years from their deposit. Codego may debit an inactive account management fee each year, to the extent permitted by law.
2.6 Anti Money laundering and terrorist financing
As a Payment Service Provider, Codego is subject to the legal and regulatory provisions relating to the fight against money laundering and the financing of terrorism. For this purpose, Codego must carry out all the necessary procedures relating to the identification of the Client and, when applicable, the ultimate beneficial owner, as well as to the verification of the identity of the latter. Throughout the duration of the Contract, the Client undertakes to keep Codego informed about any changes without delay concerning, in particular, their activity, the identification of their corporate officers and beneficial owners, including a change of control.
In addition, Codego must inquire about the origin of the Payment Transactions, their purpose and the destination of the funds. From an operational point of view, Codego is required to set up a system for monitoring and detecting atypical payment transactions.
The Client undertakes to comply with obligations to combat money laundering and terrorist financing by providing information to Codego about any unusual Payment Transactions detected by Codego.
Codego reserves the right to request any other document or additional information if deemed necessary to meet its vigilance obligations in the sense of the fight against money laundering and the financing of terrorism. As such, Codego could postpone the opening of the Payment Account or temporarily block and even close it in case of persistent suspicion.
The Client ensures that:
• – Incoming funds in their Codego Account are not obtained as a result of criminal activity
• – The Client will not use services provided by Codego for any illegal purposes, including actions and transactions in order to legalize funds derived from criminal or other illegal activities
3 Execution of payment transactions
3.1 Payment transaction
A Payment Transaction is independent of the underlying civil or commercial obligation between the Client and the Payment Recipient. Codego therefore remains foreign to any civil or commercial dispute that may arise between the Client and the Beneficiary.
A Payment Transaction may be initiated by the Client who gives a Payment Order (transfer) directly, by the Client who gives a Payment Order through the Beneficiary (card) or by the Beneficiary (direct debit).
3.2 Security of payment instruments
The Client will take reasonable steps to maintain the security of their Custom Security Data. Upon knowledge of loss, theft, misappropriation or any unauthorized use of a payment instrument or related data, the Client shall promptly inform Codego for the purpose of blocking (or opposition) of the instrument, by email: [email protected]. The Client can also claim a direct opposition from their Personal Area.
Codego reserves the right to subsequently request a receipt or a copy of the complaint following the theft or fraudulent use of its Account. The Client undertakes to respond to Codego’s request as soon as possible.
Codego executes the request for opposition as soon as it receives it. The event will be recorded and timestamped. An opposition number with timestamp will be communicated to the Client. A written confirmation of this opposition will be sent to the concerned Client by email.
In case of blocking (or opposition), Codego provides the Client, at their request and for eighteen (18) months from the blocking (or opposition), the elements allowing them to prove that they have successfully blocked (or opposed).
Any misrepresentation by the Client or Users may result in legal action.
3.3 Strong Client Authentication
In accordance with the law, Codego applies Strong Client Authentication when it:
● accesses the Client’s Online Payment Account;
● initiates an Electronic Payment Transaction;
● executes an Operation through a means of remote communication, which may involve a risk of fraud in payment or other fraudulent use.
Strong Authentication is performed by the input of a 2-factor authentication code received by SMS on the phone number associated with the User, in the dedicated field of the Application.
4 Execution of payment orders by transfer
4.1 General description
The Client may issue, via a User who has the necessary rights (Owner or Administrator) a payment Order by transfer from their Payment Account to an account opened in the books of another payment service provider.
The Client may initiate Transfer Orders in Euros only. The list of currencies covered is indicated in the Personal Area of the authorized User.
To initiate a Transfer Order, the User who has the necessary rights connects to his/her Personal Area using his/her Identification Data, entering:
● The amount of the Payment Transaction (the User must ensure that the Account has a balance sufficient to cover the amount of the Payment Transaction and any associated costs);
● The identity of the Beneficiary of the transfer as well as his/her bank details (IBAN);
● The execution date (in the absence of indication of date, the Transfer Order occurs immediately);
● The reason for payment;
● Currency.
The User is invited to check all of this information before validating the Transfer Order.
In case the Payer indicates incorrect data of the Recipient, and the Payment Order is executed according to the data provided by the Payer, it shall be considered that Codego has fulfilled its obligations properly and shall not repay the transferred amount to the Payer. Codego commits to take all necessary actions to track the payment transaction and will seek to return the funds of the payment transaction, however, in the event of failure to do so, the Payer shall directly contact the person who has received the transfer, on the issue of returning the money.
The consent of the User to the Transfer Order is collected according to the procedure indicated in the Personal Area. The User must follow any strong authentication procedure requested by Codego. The Transfer Order is irrevocable once it has been definitively validated by the User from his/her Personal Area. Codego will not accept any request for cancellation of a transfer beyond its date of irrevocability.
Transfer Orders are time stamped and kept for the applicable legal period. When the consent is given through a Service Provider providing a payment initiation service, the form of this consent is determined by the Client and the said Provider, under the conditions agreed between them. Codego is not a party to these conditions and does not have to verify the Client’s consent.
When the Transfer Order is initiated, at the request of the Client, by a service provider providing a payment initiation service, the Client may not revoke the Order after granting consent.
4.2 transfers denominated in Euros
The Transfer Order must comply with SEPA rules set forth in the “SEPA Credit Transfer Rulebook.” The User has the option of issuing instant or standard Transfer Orders, one-time, or recurring Transfer Orders.
For instant Transfer Orders, the Transfer Order is deemed received by Codego once the User has definitively given his/her consent to the Order, according to the procedure indicated in the Personal Area (“Date of receipt”). It is expressly agreed that the Orders for Instant Transfers will be executed by Codego not later than the end of the Business Day following the Date of receipt of the Order by Codego. If the Date of receipt is not a Business Day, the Payment Order is determined to be received on the next Business Day. The Parties also agree that any Payment Order validated on a Business Day after 16:45 shall be received on the next Business Day.
With respect to standard Transfer Orders, they will be executed at the latest at the end of the day indicated by the Client. If it is not a Business Day, Codego will execute the Transfer Order on the next Business Day.
4.3 Refusal of execution
Codego may refuse to execute any incomplete or incorrect Transfer Order. The Client will then be asked to re-issue the Order to edit missing or incomplete information.
In addition, Codego may suspend a Transfer Order in the event of serious doubt of fraudulent use of the Account, unauthorized use of the Account, breach of security of the Account, suspicion of money laundering / financing of terrorism, or in the event of an assets-freeze order issued by an administrative authority.
In case of refusal of execution or blocking of a Transfer Order, Codego will inform the Client by any means as soon as possible, and at the latest by the end of the first Business Day following the Date of receipt. If possible, Codego will indicate the reasons for the refusal or blocking to the Client, unless prohibited by a relevant provision of national or European Union law. The Client is informed that such notification may be subject to the charges indicated in the Pricing if the refusal is objectively motivated.
4.4 Contestations concerning Payment orders by transfer
If the Client wishes to contest an allegedly unauthorized or incorrectly executed Transfer, they must contact Codego’s Client service by phone call or email as soon as possible after becoming aware of the discrepancy and no later than four (4) weeks following the registration of the Payment Transaction in the Account.
Unless Codego has reasonable grounds to suspect fraud by the Client or gross negligence on the part of the Client, Codego shall reimburse the Client for the amount of the payment Transaction immediately after receiving the contestation, and in any event not later than the end of the following Business Day. Codego restores the Account to the state in which it would have been if the Unauthorized Payment Transaction had not taken place. Codego reimburses the Client under the same conditions when the Payment Transaction was initiated by a payment initiation service provider.
Fees and Pricing Conditions may be levied in the event of an unjustified contestation of a Payment Transaction. Codego cannot be held liable when the incorrect execution of the payment Transaction is the result of an error by the Client on the Unique Beneficiary Identifier (IBAN). Codego will endeavor to recover funds committed to the payment Transaction.
If Codego is unable to recover funds, the Client may request Codego to provide any relevant information it has in order to document its legal recourse to recover the funds.
4.5 Receiving transfers
Under the terms hereof, the Client expressly mandates Codego to receive SEPA Transfer Orders in Euros from an account opened in the books of a payment service provider located in the SEPA zone in their name and on their behalf.
Codego credits the Client’s Payment Account not later than the end of the Business Day on which their own account has been credited with the funds. As soon as the transaction is credited to the Client’s Payment Account, Codego shall make a summary of the transaction including the following information available in the Personal Area: amount, date and time, Payment Transaction number, name of the Payer, debited account, and reason of the Transaction (if applicable).
The Client having noticed that money has been credited to or deducted from their Codego Account by mistake or in other ways that have no legal basis, is obliged to notify Codego about it. The Client has no right to dispose of money that does not belong to them. In such cases, Codego has the right, and the Client gives an irrevocable consent to deduct the money from their Codego Account without the Client’s order. If the amount of money in the Codego client’s Account is insufficient to debit money credited to or deducted from their Codego Account to their other accounts by mistake, the Client unconditionally commits to repay Codego the money credited to or deducted from the Codego Account to their other accounts by mistake in 3 (three) business days from the receipt of such request from Codego.
5 Direct debits
5.1 SEPA core and direct debits
The Client has the option of paying by SEPA direct debit for persons with whom they have a business relationship (the “Creditors”). For the purpose of this article, the term “Maturity Date” means the date of interbank settlement, i.e. the date of debiting the Client’s Account.
5.2 Direct debit mandate (“Mandate”)
The Client who accepts the SEPA Direct Debit as a method of payment must complete the Mandate delivered by their Creditor and return it to them accompanied by a Bank Statement of Identity on which his BIC and IBAN appear. The physical person signing the SEPA Direct Debit Mandate must be a person authorized by the Client for this transaction. The Client undertakes to inform the Establishment of the signature of any Collection Order.
By signing the Direct Debit Mandate, the Client expressly waives the right to reimbursement of authorized and correctly executed transactions.
The Client may at any time revoke the Collection Order from their Creditor. In this case, they undertake to inform Codego immediately. Codego cannot be held responsible for a poorly executed operation due to a lack of information from the Client (for example: bank account number missing or bank details incomplete).
The Client undertakes to inform Codego immediately of any change to the Terms of Reference. Codego cannot be held responsible for a poorly executed operation due to a lack of information from the Client.
The Client may also revoke the Mandate at any time within their Personal Area or by contacting Codego. For this purpose, they shall communicate the unique Reference of the Mandate to Codego. The revocation must be requested by the Client at the latest before the end of the Business Day preceding the Expiration Date of the next withdrawal operation provided for by the Mandate.
The revocation entails the definitive withdrawal of the Client’s consent to the execution of the Mandate. Codego will refuse all the Orders of Samples presented after the revocation of the Mandate by the Client.
A Money Order for which no SEPA Direct Debit Order has been submitted for a period of thirtysix (36) months becomes null and void. In this case, the Client must enter and validate a new mandate.
5.3 Direct debit orders
The Client is informed that their Creditor is required to provide them with advance notice of at least fourteen (14) calendar days before the SEPA Direct Debit Due Date, unless there is a specific Contract between the Client and the Creditor in the Mandate.
Upon receipt of this notification, the Client has the opportunity to verify compliance with their relationship with the Creditor. The Client must ensure that they has sufficient funds in their Account on the Due Date.
In the event of disagreement, the Client is invited to immediately address their Creditor so that the latter suspends the transmission of the Collection Order or issue an instruction for the revocation of the original Direct Debit Order.
Codego receives the Direct Debit Orders transmitted by the Creditor’s payment service provider no later than the day before the Due Date. For a first recurring charge or for an oneoff charge, Codego will verify the existence of the Client’s consent and the validity of the Mandate. In case of inconsistency or incomplete data, Codego may reject the relevant Direct Debit Operation.
For the following recurring Direct Debits, Codego verifies the consistency of the mandate data with the data already recorded and the data of the Transactions. In case of inconsistency, Codego will contact the Client.
Codego debits the Client’s Payment Account of the amount of the Transaction when no event is against it and provided that the Payment Account has a sufficient provision. The Client will receive a notification in their Personal Area to inform them of the amount debited from their Account.
5.4 Direct debit orders dispute
It is specified that the Client has no right to reimbursement if the mandate does not indicate the exact amount of the debit transaction and the amount of the transaction exceeds the amount to which the Client could reasonably expect.
The Client may request the refund of an unauthorized deduction within thirteen (13) months from the date of debiting their account, under penalty of foreclosure. This period shall be reduced to seventy (70) days if the Beneficiary’s payment service provider is located in a State that is not a member of the European Union or the European Economic Area.
6. Force majeure
Neither party will be liable for any delays in processing or other nonperformance caused by telecommunications, utility, failures, or equipment failures, labor strife, riots, war or terrorists attacks, pandemic context, nonperformance of our vendors or suppliers, fires or acts of nature, or any other event over which the respective party has no reasonable control.
However, nothing in this section will affect or excuse your liabilities or your obligation to pay fees, fines, disputes, refunds, reversals or returns under this agreement.
7. Warranties
By accepting the terms of this Agreement, you represent and warrant that:
(a) you are eligible to register and use the Services and have the authority to execute and perform the obligations required by this Agreement;
(b) any information you provide us about your business, products, or services is accurate and complete;
(c) any Charges represent a Transaction for permitted products, services, or donations, and any related information accurately describes the Transaction;
(d) you will fulfil all of your obligations to Customers and will resolve all Disputes with them;
(e) you will comply with all Laws applicable to your business and use of the Services;
(f) your employees, contractors and agents will at all times act consistently with the terms of this Agreement;
(g) you will not use Payment Processing Services for personal, family or household purposes, for peer-to-peer money transmission, or (except in the normal course of business) intercompany Transactions; and
(h) you will not use the Services, directly or indirectly, for any fraudulent or illegal undertaking, or in any manner that interferes with the normal operation of the Services.
You affirm that Codego does not control the products or services that you offer or sell or that your customers purchase using the payment processing services. You understand that we can’t guarantee and we disclaim any knowledge, that your customers possess the authority to make, or will complete, any transaction.
Codego disclaims any knowledge of, and do not guarantee:
– The accuracy, reliability, or correctness of any data provided through the services;
– That the services will meet your specific business needs or requirements;
– That the services will be available at any particular time or location, or will function in an uninterrupted manner or be secure;
– That Codego will correct any defects or errors in the service, API, documentations, or data and;
– That the services are free or viruses or other harmful code.
Use of data you access through the services is done at your own risk. You are solely responsible for any damage to your property, loss of data, or any other loss that results from such access. You understand that Codego make no guarantees to you regarding transaction processing times or payout schedules.
Nothing in this agreement operates to exclude, restrict or modify the application of any implied condition, warranty or guarantee, or the exercise of any right or remedy, or the imposition of any liability under law where to do so would contravene that law or cause any term of this agreement to be void.
8. Liability
Under no circumstances will Codego be responsible or liable to you for any indirect, punitive, incidental, special, consequential, or exemplary damages resulting from your use or inability to use the Services or for the unavailability of the Services, for lost profits, personal injury, or property damage, or for any other damages arising out of, in connection with, or relating to this Agreement or your use of the Services, even if such damages are foreseeable, and whether or not you or Codego have been advised of the possibility of such damages.
Codego is not liable, and deny responsibility for, any damages, harm, or losses to you arising from or relating to hacking, tampering, or other unauthorized access or use of the Services, your Codego Account, or Data, or your failure to use or implement anti-fraud measures, Security Controls, or any other data security measure. Codego further deny responsibility for all liability and damages to you or others caused by
(a) your access or use of the Services inconsistent with the Documentation;
(b) any unauthorized access of servers, infrastructure, or Data used in connection with the Services;
(c) interruptions to or cessation of the Services;
(d) any bugs, viruses, or other harmful code that may be transmitted to or through the Services;
(e) any errors, inaccuracies, omissions, or losses in or to any Data provided to us;
(f) thirdparty content provided by you; or
(g) the defamatory, offensive, or illegal conduct of others.
9. Dispute resolution
This Agreement and the rights of the parties hereunder shall be governed and construed in accordance with the laws of Belgium, exclusive of conflict or choice of law rules. Nothing in this section will preclude the parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.
Each party hereby irrevocably and unconditionally consents to service of process through personal service at their corporate headquarters, registered address, or primary address (for individuals or sole proprietors). Nothing in this Agreement will affect the right of any party to serve process in any other manner permitted by Law.
10. Entire Agreement
This Agreement and all policies and procedures that are incorporated by reference constitute the entire agreement between you and Codego for provision and use of the Services. Except where expressly stated otherwise in a writing executed between you and Codego, this Agreement will prevail over any conflicting policy or agreement for the provision or use of the Services. This Agreement sets forth your exclusive remedies with respect to the Services. If any provision or portion of this Agreement is held to be invalid or unenforceable under Law, then it will be reformed and interpreted to accomplish the objectives of such provision to the greatest extent possible, and all remaining provisions will continue in full force and effect.
11. Duration, Suspension and Termination
The Agreement is of unlimited duration.
Codego, at its own discretion, and taking into consideration a specific situation, giving preference to execution of legal acts applied to the activity of Codego, and interests of the Client, has the right to unilaterally and without a prior notice apply one or several of the following measures:
– To suspend execution of one or several Payment transfers
– To suspend the provision of all or part of Services to the Client
– To detain the client’s funds that are matter of dispute
– To block the Account (i.e. fully or partially suspend Payment Transactions on the Account)
– To refuse to provide Services
– To return arrested funds from the Account of the Client to the primary sender funds The aforementioned measures may be applied only in the following exceptional cases :
– If the Client essentially violates the Agreement or its Supplements
– If the activities of the client using a Codego Account have the potential to harm Codego’s business reputation
– If the Client fails to complete the necessary identification procedures, or submit information required by Codego, or the Client provides information that does not conform to the requirements stipulated by legislation or Codego
– If Codego receives substantiated information about the Client’s liquidation or bankruptcy case
– In cases specified by legislation – In other cases stated in the Agreement or its Supplements.
You may terminate the Agreement and close your account by giving thirty (30) days written notice (by any medium). The closure commences on the day a party issues the written notice. Once the closure has come into effect the Client can no longer give instructions concerning accounts, and Codego may reject any such instructions. Once the closure is effective Codego stops all related services. Any funds remaining after the closure of the online account will be transferred to any other external business bank account as indicated in the closure notice. A mandatory termination fee of fifty (50) EUR will be applied when the Client requests to close their account, and the account will be closed only after the fee has been processed.
Codego has the right to terminate the Agreement giving at least two (2) months’ notice to the Client by post or email, at the last communication address declared by the Client or by another durable medium.
Without prejudice to all other available rights of Codego under the applicable laws or this Agreement, and unless otherwise provided in the Specific Terms and Conditions, the Agreement may be terminated by Codego with immediate effect and without compensation fee if one of the following events occurs:
– the Client acts in contravention of generally accepted business practice;
– the Client violates the legal regulations (inter alia international regulations against money laundering) or violates the interests of Codego;
– the Client fails to respect this Agreement, for example, by not paying the services fees in due time (during two or more consecutive months);
– in case of any insolvency event concerning the Client or seizure procedures against the Client;
– in case Codego or the client is denied or withdrawn any license, registration or approval by any Competent Authority or the Payment Scheme necessary to perform the Services.
12. Confidentiality and Data Protection
The Parties undertake to keep the technical and commercial information of each other secret, except for publicly available information which has become known to them while executing the present Agreement, and not transfer it to third parties without written consent from the other Party or its legal representatives.
The Client agrees for Codego to manage their Personal Data with an aim to provide services to the Client and execute other responsibilities under the present Agreement. The Parties guarantee the security of Personal Data received while executing the present Agreement. The above-mentioned Personal Data cannot be disclosed to third Parties without consent from the subject of this data, except for cases stated by the law or the present Agreement.
The data retention and protection issues are governed by the Supplement to the Agreement Privacy Policy, which the client read and commits to adhere it.
The Client undertakes to protect and not to disclose any Passwords, created by them or provided to them under the present Agreement. If the client has not complied with this obligation and/or could, but has not prevented it and/or performed such actions on purpose or due to own negligence, the Client fully assumes the losses and undertakes to reimburse the losses of the persons incurred due to the indicated actions of the Client or their failure to act.
In the event of loss of an Account Password or other Passwords by the Client or the Password(s) are disclosed not due to the fault of the Client or Codego, or in case a real threat has occurred or may occur to the Profile of the Client, the Client undertakes to change the Passwords immediately or, if the client does not have the possibility to do that, notify Codego thereof immediately. Codego shall not be liable for the consequences originating due to the notification failure.
After Codego receives the notification from the Client, Codego shall immediately suspend access to the Profile of the Client and the provision of Codego services until a new password or created for the Client.
Codego has the right to transmit all collected important information about the Client and their activity to other law enforcement institutions, public authorities and other financial institutions, it such is determined by the legislation, and in order to identify whether this Agreement and relevant legislation have not been or will not be violated.
Under the client’s request, the Client’s data may also be transmitted to payment initiation or account information service institutions. Codego may refuse to provide an account information service provider or a payment initiation service provider with access to the Client’s Account based on objective and duly reasoned grounds relating to unauthorized or unfair access to the Account, gained by that account information service provider or payment initiation service provider, including unauthorized or unfair payment transaction initiation.
13. Complaints
If you have a complaint with the Payment Services we provide, please contact [email protected]. If your complaint is unresolved, you may be entitled to refer to the Financial Ombudsman Service (https://www.ombudsfin.be/fr/particuliers/home).
14. Amendments
The contractual relationship between you and Codego shall commence immediately after you have been successfully registered as a Customer.
Codego is entitled to unilaterally amend the provisions of these General Terms and Conditions. The Client shall be informed of any changes to the General Terms and Conditions by means of a notification on the App and a copy of the new General Terms and Conditions shall be sent to the Client on a durable medium, at his request.
Unless otherwise agreed, any changes to these General Terms and Conditions or other agreements shall take effect at the earliest within two (2) weeks from the date of their notification to the Customer. notification to the Customer.
The Client shall be deemed to have accepted amendments and additions to the Agreement unless it notifies Codego that it does not accept them before the expiry of the notice period, which shall result in the automatic termination of the Agreement.
Immediate or no notice shall be given in case Codego amends in any way or adds any provision to the Agreement where the amendment or addition is required in the event of any changes imposed on Codego by any Competent Authority or any applicable law.
15. Laws and jurisdiction
The Agreement is governed and shall be construed in accordance with the laws of Belgium.
Any dispute arising out of or in connection with the Agreement which shall not be amicably settled by the Parties through good faith negotiation within three (3) months after notification in writing by any of the parties shall belong to the exclusive jurisdiction of the Courts of Brussels (Belgium), even in case of side claim or counterclaim.