Company Candy Ocean Ltd (hereinafter — the Company), company number 14263155, business address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, mailing address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, is a licensed provider of internet payroll services, licensed by the Companies House of UK.

The Company shall comply with the requirements contained in the Money Laundering and Terrorism (Prevention) Act 2008, revised 2020, as well as the requirements of other laws and regulations to the extent to which they relate to the Company’s operations.

The Company shall strictly adhere to the policies and procedures outlined in this document (hereinafter — the AML Policy). The Company retains internal policies to address AML compliance procedures in detail.

The Company develops this AML Policy, introduces amendments and additions to it at its own discretion, and oversees compliance with its provisions and requirements. The Company also adopts internal policies and procedures to ensure compliance with anti-money laundering and terrorist financing laws.

The current version of the AML Policy is always available on the website at: https://hr3.io/aml-policy.html

The Customer shall read the AML Policy before accepting the HR3 Terms and Conditions (hereinafter — Terms and Conditions), published at: https://hr3.io/terms-of-service-en.html. The Customer’s acceptance of the Terms and Conditions, as well as the Customer’s making transactions in the HR3 after accepting the Terms and Conditions, shall signify the Customer’s acceptance of all provisions of the current version of this AML Policy.

To oversee and implement the procedures reflected in the AML Policy, the Company appoints the Compliance Director.

The Compliance Director is responsible for the collection, analysis, and investigation of information on any suspicious activities and the training of the company’s employees pertaining to the relevant procedures; the Compliance Director shall determine the procedures and rules for carrying out Customers’ identification, reviewing and monitoring unusual transactions and technical features of the Company’s implementation of this AML Policy.

The Company uses the procedures for identification and verification of Customers that vary in complexity depending on transaction amounts.

From Customers whose transaction amounts do not exceed USD 99.00 or its equivalent in any period of 30 (thirty) days, the Company requests only the name and email.

The provision of services for conducting transactions in the amount exceeding 99 US dollars or their equivalent for a period of 30 (thirty) days is available only after establishing the identity of the Customer.

For the purposes of Customers’ identification, the Company requests the following documents:

1. To verify a personal account

   • proof of identity (passport, driving licence, national identity card);
   • proof of address (bank statement, utility bill);
   • phone number verification by receiving a code via SMS.

2. To verify a business account

• all the documents required to verify a personal account;
• incorporation documents for a company, including:
• state registration certificate (certificate of incorporation);
• company’s charter;
• Articles of Incorporation (if available);
• document confirming the powers and authority of the person authorized to act on the company’s behalf without a power of attorney, etc.

The Company conducts the Know Your Customer (KYC) verification procedures to avoid the risk of being held liable and to protect itself from a Customer’s attempting to use the Company for carrying out illegal activities.

As part of the KYC procedures, the Company evaluates Customers’ transactions, as well as collects and stores information on the essential facts pertaining to Customers, potential Customers, and their transactions.

After carrying out the identification procedures pertaining to a Customer, the Company stores the information obtained in this Customer’s file. The Company retains information on potential Customers to whom access to the services was denied due to AML policy.

The company is committed to protecting Customers’ privacy rights and the confidentiality of their personal data. The Company collects personal information from Customers only to the extent necessary to ensure the Company’s properly providing services to Customers. Such personal information about Customers and former Customers may be disclosed to third parties only in a limited number of circumstances, in accordance with the applicable laws and agreements between the Company and the Customer. Privacy Notice is available here: https://hr3.io/privacy-en.html.

The company shall carefully maintain Customers’ files, including statements, transaction reports, receipts, notes, internal correspondence, and any other documents related to the Customer both in the electronic and paper format for a period of 5 (five) years from the date of the relevant transaction, and for the 5 (five) years from the moment business relations are terminated, whatever is later.

• Monitoring of sanctions lists;
• Monitoring of user activity and user system environment;
• Transaction monitoring;
• Analysis of remaining balances, exchange rate fluctuations and other aspects;
• Tools enhancing manual data analysis possibilities;

The Company understands the importance of identifying and detecting suspicious activity through monitoring and reviewing the activity of customer transactions. Any financial transaction that may be related to money laundering activities shall be considered to be suspicious activities.

Grounds for determining that a specific transaction is suspicious may be personal observations and experience of the Company’s employees, as well as information received or identified. Suspicious activity includes a transaction that any employee knows or suspects to: involve proceeds from an illegal activity; evade currency transaction reporting requirements; vary significantly from the customer’s normal transactions; a third party gained access to the customer’s account or the activities are performed under instructions of a third party; or has no business or apparent lawful purpose and the Company knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

The Company will apply enhanced scrutiny to manually monitor customer transactions, in a manner reasonably designed to detect money laundering and suspicious activity. To identify suspicious transactions, the Company is entitled to perform enhanced due diligence measures and request additional information from the client confirming the economic purpose of the transaction and the origin of funds.

The Compliance Director shall continuously monitor and update the systems used by the Company to detect suspicious activities.

In accordance with the applicable laws of Belize and the requirements of international organizations, the Company may, where appropriate and without the obligation of obtaining the Customer’s approval or notifying the Customer, notify regulating and/or law enforcement agencies of any suspicious transactions.

Different requirements for reporting suspicious transactions may depend on the nature and amount of a transaction.

The Company shall periodically refer to and consult the lists published by the authorities of the Belize, other countries and international organizations that contain lists of known terrorists or persons suspected of terrorist activities, terrorist organizations, high-risk countries, a limited list of countries subject to the OFAC sanctions, jurisdictions that do not provide sufficient level of anti-money laundering procedures, as well as countries subject to sanctions to determine whether the Company’s Customer or potential Customer, and/or such Customer’s country of jurisdiction is included in the above lists.

The Company shall continuously conduct due diligence procedures pertaining to its Customers and scrutinize transactions carried out by them to ensure these transactions’ compatibility with the Company’s knowledge of its Customers, their business and, when necessary, their source of funds.

To perform some of its business functions, the Company uses third-party service providers. The company shall try to determine, during the initial and ongoing due diligence process, to the extent possible whether there are any initiated investigations and filed lawsuits against any such third-party service providers. The company shall also determine whether a third-party provider has obtained all the necessary licences (if applicable), permits, and approvals before establishing a business relationship with such third-party service provider.

Regarding its own staff, the Company shall carefully review all candidates for employment and determine whether the activities of a new employee fall in the category that is susceptible to money laundering activities. In addition, the Company has prepared and implements a number of personnel training programs on customer identification procedures and prevention of money laundering activities.

Government authorities of different countries and, in some cases, international organizations, may impose severe civil and criminal penalties against any person who violates the laws and regulations referred to in paragraph 1.2 of the AML Policy. Such civil and criminal legal penalties may include fines in the amount of up to millions of dollars, and the term of criminal punishment may be up to 10 (ten) years in prison. In addition, government authorities may confiscate any property involved in criminal violation of these laws and regulations, including companies, bank accounts, or any other assets that may be associated with crime.

Under certain circumstances, companies may be deemed criminally responsible for the actions of their employees. In this regard, it is important for the employees of our Corporate Customers to have adequate knowledge in this sphere; it is also important that such Corporate Customers should ensure the compliance of their employees’ actions with the said laws and regulations.

The Corporate Customer (the Corporate Customer’s authorized employee) certifies that they have read and understood this AML Policy, and that they (or their company) shall operate in full compliance with the requirements and standards outlined in the AML Policy and comply with all applicable laws and other regulations and requirements governing its activities as a Corporate Customer.

The Corporate Customer (the Corporate Customer’s authorized employee) acknowledges that they are responsible for their actions in accordance with the effective AML laws and shall bear responsibility pertaining to failure to comply with such laws.