Hi! How can we help You?

Login
Open Account

DIGITAL ASSET POLICY

Crypto Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF) Policy

Effective Date: 30th August, 2024

Citizen Mutual (“the Bank”) is a digital financial institution offering cryptocurrency and fiat services to global clients. This policy establishes the Bank’s commitment to preventing and detecting money laundering, terrorist financing, and financial crimes in compliance with international standards and the laws of the United Kingdom, European Union, and United Arab Emirates, guided by the Financial Action Task Force (FATF) recommendations.

Purpose

The purpose of this AML/CTF Policy is to define procedures and controls to prevent the Bank’s products and services from being used for money laundering or terrorist financing, and ensure full compliance with:

  • FATF Recommendations
  • UK Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017)
  • EU 5th and 6th AML Directives (AMLD5 & AMLD6)
  • UAE Federal Decree-Law No. 20 of 2018 on AML & CTF, and Cabinet Decision No. 10 of 2019
  • UAE Virtual Asset Regulatory Authority (VARA) guidelines for VASPs

This policy applies to all business lines, employees, subsidiaries, and affiliates of Citizen Mutual worldwide.

Scope

This policy covers all aspects of Citizen Mutual’s digital asset operations, including:

  • Fiat and crypto custody
  • Crypto-to-fiat and fiat-to-crypto conversion
  • Crypto trading and brokerage services
  • Wallet and key management
  • Peer-to-peer and institutional transfers
  • Correspondent relationships and settlement
AML/CTF Governance Structure
  • Board of Directors – Ultimate responsibility for AML oversight and strategic direction.
  • Chief Compliance Officer (CCO) – Manages implementation and policy enforcement.
  • Money Laundering Reporting Officer (MLRO) – Primary contact for suspicious transaction reporting and regulatory liaison.
  • Compliance Department – Conducts monitoring, CDD checks, and risk analysis.
  • All Employees – Required to adhere to this policy and report any suspicious behavior.
Risk-Based Approach (RBA)

Citizen Mutual applies a risk-based approach consistent with FATF and UAE/EU/UK guidance. Risk factors considered include customer risk, geographic risk, product/service risk and delivery channel risk. Risk assessments are conducted at onboarding and reviewed periodically.

Customer Due Diligence (CDD) & Know Your Customer (KYC)

Individual Clients:

  • Collection and verification of full legal name, date of birth, nationality, and address
  • Verification of government-issued ID using biometric/liveness tools
  • Source of funds and source of wealth declaration
  • Screening against sanctions and PEP databases

Corporate Clients:

  • Verification of incorporation documents, directors, UBOs, and company structure
  • Assessment of ownership layers to identify ultimate beneficial owners (>25%)
  • Business nature and financial history review
  • Sanctions, adverse media, and PEP screening for key stakeholders
Enhanced Due Diligence (EDD)

Mandatory for PEPs or associates, high-risk jurisdictions, unusual transaction patterns, clients using privacy-oriented assets or mixers. EDD includes senior management approval, enhanced documentation, and close monitoring.

Ongoing Monitoring

The Bank continuously monitors transactions to detect suspicious activity, including automated screening and transaction monitoring systems, blockchain analytics tools (e.g., Chainalysis, TRM Labs), behavioral analysis, and real-time sanctions/PEP re-screening.

Suspicious Activity Reporting (SAR)
  • All employees must immediately escalate suspicious transactions to the MLRO.
  • The MLRO evaluates and, if warranted, files a SAR to the relevant FIU (UK NCA, EU FIU, or UAE FIU).
  • "Tipping off" a client about a SAR is strictly prohibited.
Sanctions Compliance

Citizen Mutual screens all clients, transactions, and wallets against relevant sanctions lists (UK OFSI, EU, UAE, UN, US OFAC). Transactions or relationships with sanctioned parties are blocked and reported.

Training and Awareness

All staff receive annual AML/CTF training covering legal/regulatory updates, identification of suspicious crypto patterns, CDD/EDD procedures, reporting obligations, and data protection. Training records are maintained.

Data Protection & Confidentiality

Citizen Mutual complies with GDPR (EU), UK Data Protection Act 2018, and UAE PDPL. Personal and transactional data are encrypted and used only for compliance purposes.

Independent Audit & Review

Annual independent audits assess AML/CTF effectiveness. The MLRO provides quarterly reports to the Board. Findings are addressed with corrective actions.

Policy Review

This policy is reviewed annually, or sooner if regulatory changes occur within FATF, UAE, EU, or UK frameworks.

anytime

Anytime, Anywhere on Any Device

Join the hundreds of thousands of happy and empowered customers

in our community thanks to Citizen's unparalleled banking solutions

  • Scan to download from Apple App Store
  • Scan to download from Google Play