Policy for the governance and management of money laundering and terrorism financing risk pursuant to Legislative Decree 231/2007 and subsequent amendments

Young Platform S.p.a.

Young Platform S.p.a., Via Cigna 96/17, 10155, Turin, Italy Tax ID and VAT 11931440017 (hereinafter simply “Young”).

Young is among the obliged entities defined in Legislative Decree 231/2007 (hereinafter, the “Decree”), in Article 3, paragraph 5, letters:

• i) providers of services related to the use of virtual currency;
• i-bis) digital wallet service providers.

As defined in Article 1, paragraph 2, letters:

• ff) providers of services related to the use of virtual currency: any natural or legal person who provides services to third parties, on a professional basis, including online, functional to the use, exchange, storage of virtual currency and their conversion to or from legal tender or digital representations of value, including those convertible into other virtual currencies, as well as issuance, offering, transfer, and clearing services and any other service functional to the acquisition, trading, or intermediation in the exchange of the same currencies;
• ff-bis) digital wallet service providers: any natural or legal person who provides, to third parties, on a professional basis, including online, services for the safekeeping of private cryptographic keys on behalf of their clients, for the purpose of holding, storing, and transferring virtual currencies;

Recipients

All Young personnel.

Purpose

For money laundering, pursuant to the Anti-Money Laundering Decree, it is understood as:

1. the conversion or transfer of property, carried out with the knowledge that they are derived from criminal activity or from participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of helping any person involved in such activity to evade the legal consequences of their actions;
2. the concealment or disguise of the true nature, origin, location, disposition, movement, ownership of property or of rights over them, carried out with the knowledge that such property is derived from criminal activity or from participation in such activity;
3. the acquisition, possession, or use of property with the knowledge, at the time of their receipt, that such property is derived from criminal activity or from participation in such activity;
4. participation in any of the acts referred to in letters a), b), and c), association to commit such an act, attempting to perpetrate it, helping, inciting, or advising someone to commit it, or facilitating its execution.

Money laundering is also considered as such if the activities that generated the laundered property took place outside national borders. The knowledge, intention, or purpose of money laundering actions can be inferred from objective factual circumstances.

For terrorism financing, it is understood as any activity aimed, by any means, at the provision, collection, supply, intermediation, deposit, safekeeping, or disbursement, however carried out, of funds and economic resources, directly or indirectly, in whole or in part, usable for the commission of one or more conducts, with the purpose of terrorism as provided for by criminal laws, regardless of the actual use of the funds and economic resources for the commission of said conducts.

Therefore, money laundering and terrorism financing represent criminal phenomena that, also by virtue of their possible transnational dimension, constitute a serious threat to the real economy and can have destabilizing effects, especially for the banking and financial system.

The soundness, integrity, and stability of credit institutions and financial institutions as well as confidence in the financial system as a whole could be seriously compromised by the efforts made by criminals and their accomplices to mask the origin of the proceeds of criminal activities or to channel funds of licit or illicit origin for the purpose of terrorism financing.

In response to the complexity and danger of these phenomena, Young responds responsibly, dedicating the utmost attention to actions and tools for combating them, in the awareness that the pursuit of profitability and efficiency must be combined with the continuous and effective oversight of the integrity of the corporate structure.

For this reason, the involvement of corporate bodies and the correct fulfillment of the obligations that fall upon them is a priority. In particular, it is the responsibility of the Board of Directors (hereinafter also BoD) to identify policies for the governance of money laundering and terrorism financing risk that are adequate to the extent and type of risk profiles to which Young’s activity is concretely exposed.

This Policy for the “Governance and management of money laundering and terrorism financing risk” (hereinafter also “Policy”) therefore has the purpose of defining the measures, roles and responsibilities, the organizational and operational model, and the information flows for the governance and management of money laundering and terrorism financing risk within Young, in full compliance with the relevant external regulations.

The unambiguous definition of the elements qualifying the management of money laundering and terrorism financing risk at Young and the guidelines that must be respected in their exercise represent the fundamental prerequisite for ensuring homogeneity of conduct within the Company.

Scope of applicability, approval, and updates

The Policy is intended for all of Young’s corporate bodies and its personnel.

This Policy is approved by Young’s BoD and is updated whenever there are significant organizational changes or evolutions of the regulatory context. The Head of the Anti-Money Laundering Function evaluates and submits any subsequent relevant updates for approval by the BoD.

This Policy governs the regular and ordinary conduct of processes and any extraordinary intervention powers by the Anti-Money Laundering Function.

Related Procedures

This document should be read in conjunction with the following internal regulations:

• Anti-Money Laundering Manual;
• Customer Due Diligence Procedure;
• Record-Keeping Procedure;
• Suspicious Transaction Reporting Procedure.

General Provisions

The Policy for the governance and management of money laundering and terrorism financing risk falls within the following general provisions:

• The relevant regulatory context and the related measures regarding the fight against money laundering and terrorism financing adopted at Young;
• The duties and responsibilities of the Corporate Bodies, the Anti-Money Laundering Function, the Head of Suspicious Transaction Reporting, and the other Corporate Functions involved in the management of money laundering and terrorism financing risk;
• The main information flows necessary for the operation of the governance and management model.

Main Regulatory References

For the purposes of preventing and combating money laundering and terrorism financing, a significant process of international harmonization and strengthening of the relevant regulations has taken place in recent years, which is essential in an increasingly competitive and globalized market, affected by technological and financial innovations that have profoundly expanded the scope of action and the tools available to individuals who intend to carry out acts of money laundering or terrorism financing.

Given that money laundering and terrorism financing operations often take place at the international level, the relevant regulatory framework is made up of a structure of sources, represented by international conventions, recommendations developed by the Financial Action Task Force (i.e. GAFI or FATF), as well as European Community regulations, subject to transposition at the national level by member states, as well as implementing provisions issued by the competent national Supervisory Authorities.

Young’s organizational choices, as well as this document, reflect European-based norms, as well as national laws and regulations.

Young is not included among the recipients of the secondary regulations of the Bank of Italy or other supervisory authorities.

In this regulatory uncertainty, Young has decided to take the secondary regulations of the Bank of Italy into consideration as a reference, adapting to them as much as possible according to the principle of proportionality, in line with the nature, size, and complexity of the activity carried out, and the type and range of services provided.

In particular, the community and local requirements and recommendations derive from:

• Legislative Decree 21 November 2007, n. 231 (Decree) and subsequent amendments;
• Joint Guidelines of the European Supervisory Authorities on simplified and enhanced customer due diligence measures and risk factors, published on January 4, 2018;
• EU Directive 2015/849 (c.d. “4th Anti-Money Laundering Directive”) of the European Parliament and of the Council of 20/05/2015 on the prevention of the use of the financial system for the purpose of money laundering of proceeds of criminal activity and terrorism financing, which amends EU Regulation no. 648/2012 of the European Parliament and of the Council and repeals Directive 2005/60/EC of the European Parliament and of the Council and Directive 2006/70/EC of the Commission. The regulation has expanded the objective scope of application of Anti-Money Laundering legislation, combining the activity of money laundering from criminal activities with that of terrorism financing;
• Directive (EU) 2018/843 (c.d. “5th Anti-Money Laundering Directive”) of the European Parliament and of the Council of May 30, 2018, which amends Directive (EU) 2015/849 on the prevention of the use of the financial system for money laundering or terrorism financing and which amends Directives 2009/138/CE and 2013/36/UE;
• Bank of Italy Communication on the identification and enhanced due diligence of Politically Exposed Persons: good practices and critical issues found in the control activity, of January 31, 2018;
• Provisions on organization, procedures, and internal controls aimed at preventing the use of intermediaries for money laundering and terrorism financing purposes of March 26, 2019, and subsequent amendments;
• Implementing provisions on Customer Due Diligence for the fight against money laundering and terrorism financing issued by the Bank of Italy on July 30, 2019
• Legislative Decree 22 June 2007, n. 109 and subsequent amendments, Measures to prevent, combat and repress the financing of terrorism and the activity of countries that threaten international peace and security, in implementation of Directive 2005/60/EC.;
• Provisions for the retention and availability of documents, data, and information for combating money laundering and terrorism financing issued by the Bank of Italy on 24/3/2020;
• Anomalous use of virtual currencies issued by the UIF on 29/5/2019;
• Regulation containing the indicators of anomaly issued by the UIF on 12/05/2023;
• Guidance for a risk-based approach, Virtual assets and virtual asset service providers issued by the GAFI (FATF) in June 2019;
• Decree of the Ministry of Economy and Finance of January 13, 2022 – Methods and timing with which virtual currency service providers and digital wallet service providers are required to report their operations in Italy as well as forms of cooperation between the Ministry of Economy and Finance and police forces;
• Circular 41/22 of the Organismo Agenti e Mediatori (OAM).

Roles and responsibilities in AML

For the purposes of mitigating the risk of Young’s involvement in acts of money laundering and/or terrorism financing, the involvement of the corporate bodies and the correct fulfillment of obligations is a priority.

In the following paragraphs, the duties and responsibilities in the anti-money laundering field of Young’s corporate bodies are detailed.

8.1. Board of Directors

The BoD is responsible for defining the overall model for the governance and management of money laundering and terrorism financing risk.

It is the BoD’s duty to approve this Policy and the organizational model for the governance and management of this risk.

In particular, the BoD:

• approves and periodically reviews the strategic directions and policies for the governance of risks associated with money laundering; in adherence to the risk-based approach, the policies are adequate to the extent and type of risks to which Young’s activity is concretely exposed.
• approves a policy that illustrates and motivates the choices that Young makes on the various relevant profiles regarding organizational structures, procedures and internal controls, due diligence and data retention, in line with the principle of proportionality and the actual exposure to money laundering risk (so-called anti-money laundering policy);
• approves the establishment of the anti-money laundering function, identifying its duties and responsibilities as well as methods of coordination and collaboration with other corporate control functions;
• approves the guidelines for an organic and coordinated internal control system, functional to the prompt detection and management of money laundering risk and ensures its effectiveness over time;
• approves the principles for managing relationships with customers classified as “high-risk”;
• appoints and revokes the head of suspicious transaction reporting and the anti-money laundering head, having consulted the body with control functions and verified the possession of the necessary requirements;
• ensures that duties and responsibilities in anti-money laundering matters are allocated clearly and appropriately, guaranteeing that operational functions and control functions are distinct and provided with adequate qualitative and quantitative resources;
• ensures that an adequate, complete, and timely system of information flows is in place for corporate bodies and between control functions, as well as a system for sharing documentation that allows corporate bodies direct access to the reports of the control functions regarding anti-money laundering, to the pertinent communications exchanged with the Authorities, and to the supervision measures imposed or sanctions imposed;
• ensures the protection of confidentiality within the suspicious transaction reporting procedure;
• at least annually, examines the reports related to the activity carried out by the anti-money laundering head and the controls performed by the competent functions, as well as the document on the results of the self-assessment of money laundering risks;
• at least annually, evaluates the activity of the anti-money laundering function and the adequacy of the human and technical resources assigned to it, also in light of the periodic verification carried out by the internal audit function;
• ensures that shortcomings and anomalies found as a result of the various levels of controls are promptly brought to its attention and promotes the adoption of suitable corrective measures, whose effectiveness it evaluates;
• evaluates the risks resulting from operations with third countries associated with higher money laundering risks, identifying the safeguards to mitigate them, and monitors their effectiveness;
• appoints the senior officer responsible for anti-money laundering

8.2. Chief Executive Officer

The Chief Executive Officer of Young, as the body with a management function:

• oversees the implementation of the strategic directions and policies for the governance of money laundering risk approved by the BoD and is responsible for the adoption of all necessary measures to ensure the effectiveness of the organization and the anti-money laundering control system; for this purpose, he/she examines the proposals for organizational and procedural interventions presented by the anti-money laundering head and formalizes, with motivation, the possible decision not to accept them.
• defines and oversees the implementation of an internal control system functional to the prompt detection and management of money laundering risk and ensures its effectiveness over time, in line with the results of the risk self-assessment exercise;
• ensures that the operational procedures and information systems allow for the correct fulfillment of customer due diligence and data retention obligations;
• with regard to suspicious transaction reporting, defines and oversees the implementation of a procedure adequate to the specifics of the activity, the size, and the complexity of the company, according to the principle of proportionality and the risk-based approach;
• furthermore, adopts measures aimed at ensuring compliance with the confidentiality requirements of the reporting procedure as well as tools, including IT tools, for the detection of anomalous transactions;
• defines the anti-money laundering policy submitted for approval by the body with a strategic supervision function and oversees its implementation;
• defines and oversees the implementation of informative procedures aimed at ensuring the knowledge of risk factors to all involved corporate structures and the bodies in charge of control functions;
• defines and oversees the implementation of procedures for managing relationships with customers classified as “high-risk,” in line with the principles established by the strategic supervision body;
• establishes training and education programs for personnel on the obligations provided for by anti-money laundering regulations; the training activity must be continuous and systematic and take into account the evolution of the regulations and the procedures prepared by Young;
• establishes suitable tools to allow for the verification of the activity carried out by personnel in order to detect any anomalies that may emerge, specifically, in behavior, in the quality of communications addressed to referents and corporate structures, as well as in the relationships of personnel with customers;
• ensures, in cases of outsourcing of the operational duties of the anti-money laundering function, compliance with the applicable regulations and receives periodic information on the performance of the outsourced activities;
• ensures, in cases of remote operations (e.g., carried out through digital channels), the adoption of specific IT procedures for compliance with anti-money laundering regulations, with particular reference to the automatic identification of anomalous transactions;
• oversees the implementation of the initiatives and procedures necessary to ensure the timely fulfillment of reporting obligations to the Authorities provided for by the regulations.

8.3. Board of Statutory Auditors

The Board of Statutory Auditors (hereinafter also BSA) supervises the completeness, adequacy, functionality, and reliability of the Internal Control System in its entirety and therefore also on the model for the governance and management of money laundering and terrorism financing risk, ascertaining the adequacy of all the functions involved, as well as the correct fulfillment of duties and the adequate coordination of the same.

In the exercise of its duties, this body makes use of internal structures for carrying out the necessary checks and verifications and uses information flows from other corporate bodies, from the anti-money laundering head, and from the other internal control functions.

In this context, the BSA:

• evaluates the suitability of the procedures in place for customer due diligence, data retention, and suspicious transaction reporting;
• communicates, without delay, to the Head of Suspicious Transaction Reporting (hereinafter also H-STR) the potentially suspicious transactions of which it has become aware in the exercise of its functions;
• informs the sector’s Supervisory Authorities and the interested administrations and bodies, without delay, by reason of their respective attributions, of all facts or acts of which it becomes aware that may constitute serious or repeated or multiple violations of the law and the related implementing provisions on the matter;
• promotes the investigation of the reasons for the shortcomings, anomalies, and irregularities found and promotes the adoption of appropriate corrective measures;
• expresses its opinion on the decisions regarding the appointment of the Head of the Anti-Money Laundering Function and the definition of the elements of the overall architecture of the money laundering and terrorism financing risk management and control system.

8.4. The Internal Audit Function

The Internal Audit Function (hereinafter also IA) constitutes the safeguard for third-level control activities, aimed at evaluating the completeness, adequacy, functionality, and reliability of Young’s internal control system, providing recommendations to the Corporate Bodies based on the results of its controls.

With regard to the prevention and combat of the use of the financial system for money laundering and terrorism financing purposes, the IA continuously verifies the degree of adequacy of Young’s organizational structure and its compliance with the legislation in force at the time and supervises the functionality of the overall internal control system.

The IA, inter alia, through systematic controls, including inspections, verifies:

• the constant compliance with the due diligence obligation, both during the establishment of the relationship and during the development of the relationship over time;
• the effective acquisition and orderly retention of data and documents as prescribed by the regulations;
• the actual degree of involvement of employees and collaborators as well as the heads of central and peripheral structures, in the implementation of the “active collaboration” obligation.

The interventions, both remote and on-site, are subject to planning to ensure that all operational structures are verified within a reasonable time frame and that the initiatives are more frequent for structures most exposed to money laundering risks and with reference to “high-risk” relationships.

Furthermore, the IA periodically verifies the adequacy and effectiveness of the Anti-Money Laundering Function.

The results of the IA’s intervention activities are shared with the Anti-Money Laundering Head.

The IA also carries out follow-up interventions to ensure that corrective actions for the shortcomings and irregularities found have been adopted and that they are suitable for avoiding similar situations in the future.

Based on the principle of proportionality, the responsibility for the function has been assigned to an administrator, the recipient of specific delegations regarding controls and who is not the recipient of other delegations that could compromise his/her autonomy, identified as Mariano Carozzi.

8.5. The Anti-Money Laundering Function

Young has established the Anti-Money Laundering Function (hereinafter also AML) responsible for preventing and combating the carrying out of money laundering operations. The function has been organized in line with the principle of proportionality; in any case, the AML is independent and equipped with qualitatively and quantitatively adequate resources for the tasks to be carried out, which can also be activated autonomously.

The AML reports directly to the BoD, the CEO, and the BSA and has access to all of Young’s activities as well as any information relevant to the performance of its duties.

The AML directly informs the corporate bodies in case of significant violations and shortcomings. The personnel who carry out tasks attributable to the AML are adequate in number, technical-professional skills, and continuous training.

The duties of the Anti-Money Laundering Function have been outsourced by Young to the company Arkes S.r.l. (hereinafter also the “provider”), while maintaining internal responsibility for the correct management of money laundering risks. Arkes S.r.l. also provides continuous consulting.

The Head of the Anti-Money Laundering Function (hereinafter also “H-AML”):

• monitors, through periodic controls, compliance with contractual obligations and the correct execution of the service by the provider;
• verifies that the service provided by the provider allows for the effective fulfillment of anti-money laundering obligations;
• regularly reports to the corporate bodies on the performance of the outsourced duties to ensure that any necessary corrective measures are adopted in a timely manner.
  The outsourcing agreement between Young and the provider defines:
• the respective rights and obligations; the expected service levels, expressed in objective and measurable terms, as well as the information necessary to verify their compliance; any conflicts of interest and the appropriate precautions to prevent them or, if not possible, to mitigate them; the duration of the agreement and the methods of renewal as well as the mutual commitments related to the interruption of the relationship;
• the minimum frequency of information flows to the H-AML and the corporate bodies and control functions, without prejudice to the obligation to respond promptly to any request for information and consulting;
• the confidentiality obligations of the information acquired in the exercise of the function;
• the possibility of reviewing the service conditions in the event of regulatory changes or changes in Young’s operations and organization;
• the possibility for Young, the Supervisory Authorities and the UIF to access useful information and the premises where the service provider operates for monitoring, supervision, and control activities.

8.5.1. Duties

The AML continuously verifies that the corporate procedures are consistent with the objective of preventing and combating the violation of anti-money laundering rules. For this purpose, the function provides to:

• identify the applicable rules and evaluate their impact on internal processes and procedures;
• collaborate in defining the internal control system and procedures aimed at preventing and combating money laundering risks;
• continuously verify the adequacy of the money laundering risk management process and the suitability of the internal control system and procedures and propose organizational and procedural changes aimed at ensuring adequate oversight of money laundering risks;
• conduct, in coordination with the H-STR, checks on the functionality of the reporting process and the appropriateness of the evaluations made on customer operations;
• collaborate in defining the policies for the governance of money laundering risk and the various phases in which the management process of this risk is articulated;
• conduct, in coordination with the other interested corporate functions, the annual exercise of self-assessment of the money laundering risks to which Young is exposed;
• provide support and assistance to the corporate bodies and senior management;
• preventively evaluate the money laundering risk connected to the offer of new products and services, to the significant modification of products or services already offered, to entering a new market, or to the start of new activities and recommends the necessary measures to mitigate and manage these risks;
• verify the reliability of the information system for the fulfillment of customer due diligence, data retention, and suspicious transaction reporting obligations;
• monthly transmit to the UIF the aggregate data concerning Young’s overall operations. At the moment, Young is not among the entities obliged to send aggregate data to the UIF;
• define, in agreement with the head of suspicious transaction reporting, procedures for managing internal reports (from the so-called first level) regarding particularly high-risk situations to be handled with due urgency;
• oversee, in coordination with the other corporate functions competent for training, the preparation of an adequate training plan, aimed at achieving continuous updating of personnel, and of indicators of the effectiveness of the training activity carried out;
• promptly inform the corporate bodies of significant violations or shortcomings found in the exercise of the related duties;
• periodically inform the corporate bodies about the progress of the corrective actions adopted in the face of shortcomings found in the control activity and about the possible inadequacy of the human and technical resources assigned to the anti-money laundering function and the need to strengthen them;
• prepare direct information flows to the corporate bodies and senior management;
• provides the Chief Executive Officer with a preventive opinion in cases where, by law, his/her authorization is required for the initiation or continuation of the ongoing relationship.

Young has attributed the responsibility for carrying out enhanced due diligence to the H-AML.

The AML prepares and transmits the anti-money laundering manual to the BoD, the CEO, and the BSA. The document – constantly updated – is available and easily accessible to all personnel.

The AML pays particular attention to: the adequacy of internal systems and procedures regarding customer due diligence and retention obligations as well as systems for identifying, evaluating, and reporting suspicious transactions; the effective detection of other situations subject to reporting obligations as well as the appropriate retention of the documentation and evidence required by the regulations.

The AML can carry out, in coordination with the internal audit function, sample checks to verify the effectiveness and functionality of the internal systems and procedures and identify any critical areas.

At least once a year, the AML presents a report to the BoD, the CEO, and the BSA on the initiatives adopted, the dysfunctions found, and the related corrective actions to be taken, as well as on the training activity of the personnel. In the report, the results of the self-assessment exercise conducted pursuant to Part Seven of the Bank of Italy’s Provisions on Organization, Procedures, and Internal Controls are also included.

The AML collaborates with the Authorities referred to in Title I, Chapter II of the anti-money laundering decree.

8.5.2. The Head of the Function

The H-AML, appointed by the BoD, is Dr. Saajan Sharma Nepal: he is among the heads of corporate control functions and was selected after verifying the possession of adequate requirements of independence, competence, professional skills, and reputation. He has the necessary time for the effective fulfillment of his duties.

The selection procedure for the H-AML is based on the analysis of objective criteria such as the knowledge and professional experience gained by the candidate in internal controls, with specific reference to those in the anti-money laundering field, as well as the sensitivity gained in identifying risks of involvement in money laundering phenomena and adequate mitigation safeguards.

The requirements considered for the appointment of the H-AML are detailed below:

• Independence: a person who is in any situation of connection with a member of Young’s corporate bodies cannot be appointed H-AML;
• Competence and professionalism: a person who demonstrates theoretical knowledge in the anti-money laundering field acquired through studies and training and has gained practical experience, obtained in the performance of previous work activities, can be appointed H-AML;
• Reputational requirements: a person who is under legal interdiction, a person who has been sentenced to a definitive prison term or imprisonment, a person who is subject to prevention measures, a person who at the time of assuming the position is in a state of temporary interdiction from offices or interdiction from carrying out administration, management, and control functions cannot be appointed H-AML.

The H-AML reports directly to the corporate bodies, without restrictions or intermediation.

The H-AML is placed in an adequate hierarchical-functional position and does not have direct responsibility for operational areas or is hierarchically dependent on persons responsible for these areas.

The personnel called upon to collaborate with the AML report directly to the H-AML for matters relating to their respective duties.

8.6. The Head of Suspicious Transaction Reporting

The Head of Suspicious Transaction Reports (hereinafter H-STR), appointed by resolution of the BoD, is Dr. Saajan Sharma Nepal.

The H-STR possesses adequate requirements of independence, authority, and professionalism and carries out his/her activity with autonomy of judgment and in compliance with the confidentiality obligations provided for by the anti-money laundering decree, also towards senior officers and other corporate functions.

The role of the H-STR is adequately formalized and made known within the structure.

The appointment and revocation of the same head are promptly communicated to the UIF in the manner indicated by it.

It is the responsibility of the H-STR to:

• Timely evaluate, in light of all available elements, the suspicious transactions reported by personnel;
• Timely evaluate, in light of all available elements, the suspicious transactions of which he/she has otherwise become aware in the course of his/her activity;
• transmit the reports deemed founded to the UIF, omitting the indication of the names of the persons involved in the transaction reporting procedure;
• keep evidence of the evaluations carried out as part of the procedure, even in the event of failure to send the report to the UIF.

The H-STR:

• acquires all useful information internally;
• has free access to information flows directed to corporate bodies and structures that are significant for the prevention and combat of money laundering (e.g., requests received from the judicial authority or investigative bodies);
• also uses any elements that can be inferred from freely accessible information sources in the evaluations.

The H-STR is required to know and apply with rigor and effectiveness the instructions, schemes, and indicators issued by the UIF; he/she plays a role of interlocution with the UIF and responds promptly to any requests for further information from it.

The H-STR communicates, with organizational methods suitable to ensure compliance with the confidentiality obligations provided for by the anti-money laundering decree, the outcome of his/her evaluation to the first-level head who originated the report.

In compliance with the confidentiality obligations provided for by the anti-money laundering decree on the identity of the persons who take part in the transaction reporting procedure, the H-STR updates the risk profile of the reported customers.

8.7. OAM: VASP Transmissions Referent

The transmissions referent is responsible for managing the quarterly transmissions intended for the OAM.

The following are the functions that a referent fulfills:

• signs the quarterly transmissions file;
• verifies, through the diagnostic on the VASP Transmissions Portal, that the file corresponds to the OAM specifications;
• uploads the transmissions file to the VASP Transmissions Portal in order to comply with the rule;
• views from the VASP Transmissions Portal, the outcome of the processing of the transmission, also by downloading the outcome file with the detail of the errors and/or remarks;
• requests the correction of a quarterly transmission already sent and associated with a quarter.

For the sending of quarterly transmissions, Young has appointed Dr. Saajan Sharma Nepal as Referent.

8.8. Coordination with other Corporate Control Functions

The Anti-Money Laundering Function falls within the overall framework of the internal control system. The interaction between this and the other Control Functions is therefore part of the more general coordination between all the structures with control duties in order to ensure the correct functioning of the internal control system based on a fruitful interaction, avoiding overlaps or control gaps.

The contribution to value creation by the Anti-Money Laundering Function is therefore all the greater the stronger the synergies achieved with the other actors of the internal control system. The collaboration between these functions allows the Anti-Money Laundering Function to develop its risk management methodologies in a manner consistent with corporate strategies and operations, designing processes that comply with regulations and providing consulting services.

In evaluating the adequacy of internal systems and procedures, the Anti-Money Laundering Function can carry out, in coordination with the IA, on-site sample checks to verify their effectiveness and functionality and identify any critical areas.

Anti-Money Laundering Measures and Guidelines

Young is continuously committed to spreading the culture aimed at preventing and mitigating money laundering and terrorism financing.

Young’s Anti-Money Laundering Function ensures the correct coordination of safeguards for the prevention and combat of money laundering and terrorism financing, in compliance with the regulations in force at the time.

The action of prevention and combat of money laundering and terrorism financing implemented at Young is based on the following measures:

• Customer due diligence;
• Assignment of a money laundering risk profile to the customer;
• Registration of relationships and transactions and retention of related supporting documents;
• Adoption of organizational procedures and internal control safeguards;
• Monitoring and reporting of suspicious transactions;
• Personnel training.

9.1. Measures for Customer Due Diligence

Due diligence represents the core activity of anti-money laundering regulations which translates into one of the major obligations for obliged entities, both for the oversight activities that it is necessary to establish for its performance and for the activities that, depending on the outcome, the obliged entities then have the obligation to carry out.

Customer due diligence consists of a process composed of a succession of multiple activities. Of these, some are carried out during the establishment of the relationship with the customer (such as identification, verification of identity, and the veracity of the documents presented by the customer), while others are intended for continuous application throughout the duration of the relationship (in particular, the monitoring of transactions carried out and the evaluation of the congruence of the customer’s economic-institutional profile).

Customer due diligence aims to obtain an in-depth knowledge of the customer’s economic, and possibly financial, profile in order to be able to subsequently analyze and evaluate whether the requested transactions are consistent with the identified profile. These measures are proportionate to the level of money laundering and terrorism financing risk identified during the census and on an ongoing basis.

In line with the Risk Based Approach (RBA), Young graduates the customer due diligence activity by calibrating it based on the money laundering risk associated with the individual customer, business relationship, product, or transaction in question and therefore applies the measures at three levels: ordinary, enhanced, and simplified obligations in the presence of a more or less elevated risk.

The ordinary due diligence adopted at Young was designed and includes the necessary and sufficient information to cover the risks identified in the Risk Self-Assessment.

9.1.1. Customer Segmentation

Young has decided to classify its customers differently depending on the phase reached in the onboarding process:

The onboarding due diligence process (acceptance of a new customer) at Young is structured in three steps:

• Registration on the platform;
• Identification and verification of the customer (KYC);
• Execution of the first financial transaction.

“Registered” entities

The entities classified in this category have completed registration on the platform but have not yet completed the identification and verification process (KYC): for this reason, Young has decided not to consider them “customers” as the data provided by the entity are not only insufficient for any control, but are not even reliable as they are provided by the customer without any possibility of verification.

“Prospect” entities

The entities classified in this category are registered on the platform and have passed the identification and KYC verification phase. They have therefore been identified and sufficient information has been collected to fulfill the due diligence obligations. However, the entities classified in this category are not operational, for this reason, Young has decided not to consider them as Customers.

“Customer” entities

The entities classified in this category have passed the KYC phase and have carried out at least one financial transaction with Young.

Young has decided to consider as Customers only the entities belonging to this category, i.e., those entities that have completed the due diligence process and have carried out at least one financial transaction with Young.

9.1.2. Customer Acceptance Policy

Young’s customers are acquired electronically.

Young does not exclude any category of customers a priori but instead excludes potential customers residing in high-risk third countries.

Customers excluded by country:

Customers residing in high-risk third countries, i.e., countries not belonging to the European Union whose legal systems have strategic deficiencies in their respective national anti-money laundering and terrorism financing regimes, as identified by the European Commission in the exercise of the powers referred to in articles 9 and 64 of the directive.

The excluded countries are those included in the list of high-risk third countries as defined from time to time by the European Commission and other countries defined by Young.

The H-AML ensures the update, from time to time, of the excluded countries in acceptance by requesting the adaptation of the tables contained in the IT systems.

9.1.3. Admission Policy for customers who are victims of “ransomware”

Ransomware is a malicious computer program (“malware”) that can “infect” a digital device (PC, tablet, smartphone, smart TV), blocking access to all or some of its contents (photos, videos, files, etc.) and then demanding a ransom to “free” them.

The payment request, with the relevant instructions, usually appears in a window that opens automatically on the screen of the infected device. The user is threateningly told that he/she has a few hours or a few days to make the ransom payment, otherwise the blocking of the contents will become permanent.

A ransomware victim could turn to Young to convert a certain amount of fiat currency into virtual currency, in order to pay this ransom, which is often collected through this type of transfer.

With reference to ransomware victims who request to open a Young account with a high amount limit in order to pay the ransom, Young has decided not to provide its services, as it could incur judicial proceedings for having facilitated the payment of the requested ransom.

9.1.4. Cash Operations

Young never operates directly in cash; however, through authorized partner points of sale, customers can purchase gift cards, also with cash.

For details, please refer to the Customer Due Diligence Procedure.

9.1.5. Specific Measures for Remote Operations

Remote operations are those carried out without the physical presence of the customer with Young’s personnel or other personnel appointed by Young, at Young’s premises or in another location (e.g., through telephone or IT communication systems); when the customer is an entity other than a natural person, it is considered present when its executor is.

Young always operates remotely, both in the establishment of the ongoing relationship and for occasional transactions (e.g., purchase of virtual currency for legal tender, with simultaneous transfer to a wallet – digital wallet – not under Young’s control).

In consideration of remote operations, especially with new customers, identification must be carried out in a way that leads to a certain assurance of identity.

In consideration of new technologies and their continuous evolution, the BoD delegates to the Anti-Money Laundering Function and the Control Committee to define remote identification methods and to report the results and any subsequent modifications to the BoD.

The detailed instructions for carrying out remote due diligence, both for opening relationships (onboarding) and for arranging transactions, are provided in the Customer Due Diligence Procedure.

9.1.6. Specific Risk Factors related to the country or geographical area

At Young, the risk factors related to the country or geographical area connected to the transactions carried out by customers are analyzed with particular importance.

In particular, it carefully analyzes transactions in which funds are received from or sent to third countries associated with terrorist activities or the funds used in the ongoing relationship were produced in a third country.

For Young, high-risk countries have a dual value:

• Customers residing in high-risk third countries
• Relationships, transactions that involve (both incoming and outgoing) high-risk third countries
  In the Customer Acceptance Policy, customers residing in high-risk third countries as identified by the European Commission have already been excluded.
  Young operates mainly with customers residing in the SEE Area, with a small number of customers residing in third countries.
  The BoD recommends operating with caution and in maximum security with third countries.

9.1.7. Ordinary Due Diligence Obligations

The regulations provide that due diligence obligations must be fulfilled in the following cases:

• when an ongoing relationship is established;
• when an occasional transaction is carried out by the customer that involves the transmission or movement of means of payment of an amount equal to or greater than 15,000 euros, regardless of whether it is carried out with a single transaction or with multiple fragmented transactions;
• when there is a suspicion of money laundering or terrorism financing, regardless of any applicable exemption, derogation, or threshold;
• when doubts arise about the completeness, reliability, or truthfulness of the information or documentation previously acquired (e.g., in the case of failure to deliver correspondence to the address provided or inconsistencies between documents presented by the customer or otherwise acquired by Young).
• if it is deemed appropriate in consideration of the raising of the level of money laundering or terrorism financing risk associated with an already acquired customer.

In this context, it is necessary to:

• identify the customer and any executor;
• identify the beneficial owner;
• verify the identity of the customer, any executor, and the beneficial owner based on documents, data, or information obtained from a reliable and independent source;
• with particular regard to the figure of the executor, acquire detailed information relating to the power of attorney with representation power by virtue of which he/she acts in the name and on behalf of the customer and the relationship between them;
• acquire and evaluate information on the purpose and nature of the ongoing relationship and, in the presence of a high risk of money laundering and terrorism financing, the occasional transaction;
• carry out continuous monitoring of the customer’s overall operations during the relationship in order to identify inconsistencies with the previously acquired information;
• Update the data and information collected in relation to the application of due diligence measures.

The BoD delegates to the anti-money laundering function to define in more detail and, if necessary, with lower limits than those provided for by the regulations, the methods of due diligence also based on the amounts moved.

For the implementation methods of ordinary due diligence measures, please refer to the Customer Due Diligence Procedure.

9.1.8. Enhanced Due Diligence Obligations

Enhanced due diligence measures consist of the acquisition of more information on the customer and the beneficial owner; in a more accurate evaluation of the nature and purpose of the relationship; in the intensification of the frequency of checks and in a greater depth of the analyses carried out as part of the ongoing control activity of the ongoing relationship.

Enhanced due diligence measures must always be applied to ongoing relationships, customers, and transactions that present a higher risk of money laundering or terrorism financing, identified both by specific sector regulations and by the specific evaluation of each obliged entity.

Pursuant to the regulations in force, it has been established that enhanced due diligence must always be applied, in the following cases:

• Entities with a high-risk profile;
• relationships and occasional transactions involving high-risk third countries in the case of Customers and/or their beneficial owners residing in high-risk third countries identified by the European Commission;
• ongoing relationships or occasional transactions with customers and their beneficial owners who hold the status of politically exposed persons.

Furthermore, in order to effectively oversee and mitigate the risk of money laundering and terrorism financing, the following cases/types of customers have been evaluated as high-risk categories to which enhanced verification measures should also be applied:

• Customers and/or beneficial owners and/or executors affected by negative reputational elements and/or negative press reports (in any case connected and/or related to phenomena of financial crime or terrorism financing) such as the existence of relevant criminal proceedings in the matter (by way of example and not exhaustive: mafia-type association, criminal association, corruption, fraud, crimes against the public administration, proceedings for financial damage, proceedings for administrative liability 231/01, sanctions for serious violations of anti-money laundering provisions);
• Customers who are the subject of requests or sequestration or confiscation orders from the Judicial and Control Authorities such as the Magistracy, Guardia di Finanza, UIF, in any case connected and/or related to phenomena related to financial crime or terrorism financing;
• Previous suspicious transaction report to the UIF;
• customers who have been, automatically or manually, assigned the “HIGH” risk class.
• Trusts;
• Trust Companies or relationships opened on behalf of settlors;
• Entities controlled directly or indirectly by Trust Companies/Trusts also in case of issuance of bearer shares;
• Entities other than natural persons controlled, directly or indirectly, by Companies having their registered office in a tax haven or in a Third State or territory considered high-risk from the lists issued and updated from time to time;
• Entities operating in some high-risk sectors:
  The sectors considered to be high-risk are the following:
• Production and trade of weapons
• Trade of animals or derived materials, such as ivory, furs, and skins
• Pawn shops, money transfers, physical and online gambling operators, trade of ferrous metals, renewable energy, cleaning activities.
• Earthmoving, political parties and subjects connected to them;
• Entities controlled, directly or indirectly, by Companies having their registered office in a tax haven or in a Third State or territory considered high-risk from the lists issued and updated from time to time;
• Customers operating predominantly in economic activities attributable to sectors particularly exposed to the risk of corruption such as: entities operating in public contracts, waste disposal, healthcare;

Finally, for prevention against tax fraud risks related to so-called “paper companies,” Young does not accept Simplified Limited Liability Companies that have not yet filed their first balance sheet among its customers unless with the written approval of the Chief Executive Officer.

Although not automatically falling into the high-risk categories, enhanced due diligence measures must be applied to the following cases/types of customers or transactions:

• Discrepancies between the conclusions reached by the assigned personnel and the declarations of the customer or executor regarding the identification of the beneficial owner.

Young must examine the context and purposes of transactions characterized by unusually high amounts or for which there are doubts about the purpose for which they are, in practice, intended and, in any case, they must strengthen the degree and nature of the checks aimed at determining whether the transactions are suspicious.

The BoD delegates to the Anti-Money Laundering Function and Young’s Operations to define amount limits, theoretical at first, but which must subsequently be periodically supported by statistical surveys.

For the detailed fulfillments in implementation of the enhanced due diligence measures, please refer to the Customer Due Diligence Procedure.

9.1.9. Simplified Due Diligence Measures

In the presence of a low money laundering or terrorism financing risk, simplified due diligence measures can be applied in terms of the extent and frequency of the fulfillments.

The rule establishes as low-risk factors the customer’s belonging to one of the following categories:

• companies admitted to trading on a regulated market and subject to reporting obligations that include those of ensuring adequate transparency of beneficial ownership;
• public administrations or institutions or bodies that perform public functions, in accordance with European Union law;
• banking and financial intermediaries listed in Article 3, paragraph 2, of the anti-money laundering decree – with the exception of those referred to in letters i), o), s), v) – and banking and financial intermediaries from the community or with registered office in a third country with an effective anti-money laundering and terrorism financing regime.

The Anti-Money Laundering Function is also responsible for verifying the existence of a money laundering and terrorism financing risk profile.

Simplified due diligence does not represent an exemption from the application of due diligence measures but only the possibility of adapting/graduating them to make them commensurate with the low risk identified in relation to:

• type of customer;
• products, services, transactions, distribution channels;
• geographical areas.

The application of simplified customer due diligence measures must be strictly excluded when there is a suspicion of money laundering or terrorism financing (or in the presence of high-risk factors).

Young has decided never to use simplified due diligence.

Risk-Based Approach for Risk Profiling

The customer due diligence measures are proportionate and commensurate with the actual degree of money laundering and terrorism financing risk.

For this purpose, Young defines and adopts procedures and safeguards that allow for assigning each customer a score that is representative of the level of money laundering and terrorism financing risk based on the information collected and the operations carried out, as well as establishing the level of depth, extent, and frequency of updating of the due diligence obligations according to four risk bands.

It is the duty of the personnel to verify that the risk class automatically proposed by the IT systems is consistent with their knowledge of the customer, applying, if necessary, higher risk classes.

The lowering of the risk level or controls by authorized personnel must be limited to exceptional cases and must be justified in writing in detail.

In identifying the risk factors inherent to a customer, the Anti-Money Laundering Function must also take into account the beneficial owner and, where relevant, the executor.

The scope of activity and the characteristics of the customer, the beneficial owner, and, where relevant, the executor, as well as the country or geographical area in which they have their registered office or residence or domicile or from which the funds originate must be evaluated.

The location of the activity carried out and the countries with which the customer or the beneficial owner and, where relevant, the executor have significant connections are also relevant.

The importance of risk factors related to the country or geographical area varies in relation to the type of ongoing relationship or transaction.

The Anti-Money Laundering Function also takes into account the behavior of the customer or the executor at the time of opening ongoing relationships or carrying out transactions.

In the case of a customer other than a natural person, it is necessary to consider the purposes of its establishment, the goals it pursues, the methods through which it operates to achieve them, as well as the legal form adopted, especially if it presents particular elements of complexity or opacity.

It must be strictly verified whether the customer and the beneficial owner are included in the “lists” of persons and entities associated with terrorism financing activities adopted by the European Commission.

The Anti-Money Laundering Function must also use, as auxiliary tools, the indicators of anomaly and the Communications on the prevention of terrorism financing published by the UIF.

Regarding the relationship or transaction, it is necessary to consider the structure of the requested product or service, in terms of transparency and complexity, and the channels through which it is distributed.

In evaluating the risk associated with the complexity of the product, service, or transaction, the possible involvement of a plurality of parties or countries must be taken into account.

The Anti-Money Laundering Function pays particular attention to any new or innovative products or services, in particular if, for the offer of these products or services, new technologies or new payment methods are used.

It must also be considered whether the product, service, or transaction is normally associated with the use of cash and whether it allows for high-amount transactions.

The reasonableness of the ongoing relationship or transaction in relation to the activity carried out and the overall economic profile of the customer and the beneficial owner must also be evaluated, taking into account all available information (e.g., income and assets) and the nature and purpose of the relationship.

In this context, comparative evaluations can be carried out with the operations of entities with similar professional or dimensional characteristics, of the economic sector, of the geographical area.

The Anti-Money Laundering Function must draw information for the identification of the customer’s risk profile from all useful sources and documents, the “National Risk Analysis”; the reports published by investigative and judicial authorities; documents from supervisory authorities (such as communications and sanctioning measures) and from the UIF, such as, for example, the indicators, anomaly schemes, and money laundering cases.

The Anti-Money Laundering Function can also take into consideration information from statistical institutes and authoritative journalistic sources.

In the case of relationships or transactions involving a third country, the overall robustness of the anti-money laundering safeguards in that country must be evaluated.

The update of the customer’s risk profile must be carried out automatically on a monthly basis.

In the presence of circumstances that justify the assignment of a higher risk profile, it is necessary to modulate the extension of the due diligence to the higher risk class assigned, if necessary, by updating the information and documentation collected.

For the updating of the acquired data and information, the available automatic procedures for reporting the expiry of documents, certifications, powers of representation, mandate relationships, as well as for reporting the acquisition of specific qualities (e.g., that of PEP) must be used.

For the methods of customer profiling and the frequency of the due diligence update, please refer to the Customer Due Diligence Procedure.

Obligations to abstain and interrupt ongoing relationships

If it is impossible to comply with customer due diligence obligations, personnel are required to abstain, if possible, from establishing the ongoing relationship/from carrying out the transaction.

Pursuant to the provisions on the matter, it is also specified that personnel are required to abstain from establishing ongoing relationships, carrying out transactions, and terminating ongoing relationships of which trusts, fiduciaries, anonymous companies, or companies controlled through bearer shares with registered office in high-risk Third Countries are directly or indirectly part.

The aforementioned measures also apply to entities other than natural persons, if access to information on the beneficial owner is not given and therefore it is not possible to verify their identity and fulfill due diligence obligations.

In the cases referred to above, personnel evaluate whether or not to make a suspicious transaction report.

Young must not initiate new relationships or carry out occasional transactions with counterparties, who are not already customers, belonging to the customer categories listed in the “Customer Acceptance Policy” paragraph.

With regard to any existing relationships with customers belonging to these categories, it is necessary to apply specific enhanced due diligence and ongoing monitoring measures after having obtained the authorization of a senior officer.

Ongoing monitoring during the relationship

In accordance with the anti-money laundering Decree, personnel are required to carry out ongoing monitoring of customer operations “…through the examination of the customer’s overall operations, the verification and updating of the data and information acquired, also regarding, if necessary depending on the risk, the verification of the origin of the funds and resources at the customer’s disposal, based on the information acquired or possessed by reason of the exercise of the activity.”

This oversight is carried out by updating the data relating to customer due diligence according to a risk-based approach, i.e., by modulating the intensity and frequency of the control based on the customer’s risk profile.

The maximum update times for customer due diligence and the related forms are defined by the Anti-Money Laundering Function in the Customer Due Diligence Procedure.

As for the monitoring of the customer’s overall operations, Young uses IT and telematic tools which, based on specific known indicators of anomaly, determine the detection of transactions that present elements of incongruence such as to configure the transaction as anomalous, which the assigned personnel must evaluate.

In case of a negative evaluation, the personnel must start the reporting process according to the methodology indicated in the Procedure on suspicious transaction reporting described in the Anti-Money Laundering Manual.

The Anti-Money Laundering Function must define a common catalog of indicators of anomaly, which can also be ascertained through extra-procedural checks on specific IT applications, in addition to those in current use in the dedicated procedures, also in line with the Regulations and communications issued by the UIF from time to time, and to establish first and second level safeguards aimed at ensuring that the detected transactions are subject to appropriate and timely in-depth analyses.

Suspicious Transaction Reporting

The reference legislation provides for the obligation on personnel to send a suspicious transaction report whenever there are reasonable reasons to suspect that money laundering or terrorism financing transactions are in progress, have been carried out, or have been attempted, or that the funds in any case come from criminal activity. In particular, the suspicion is inferred “…from the characteristics, amount, nature of the transactions, their connection or fragmentation, or from any other circumstance known, by reason of the functions exercised, also taking into account the economic capacity and the activity carried out by the person to whom it refers.”

In this regard, the Anti-Money Laundering Function must regulate, by means of a specific manual (Procedure for suspicious transaction reporting), the phases of the suspicious transaction reporting process in order to ensure that all Young personnel adopt a common approach in the evaluation of potential elements of anomaly and suspicion.

The defined procedure must ensure:

• Timeliness on the part of the personnel in communicating potentially suspicious activities to the H-STR;
• The transmission of the report, without delay, to the Authorities in charge (UIF) if the H-STR deems the communications received to be founded in light of all the elements and evidence that can be inferred from the data and information retained;
• Active collaboration with the Supervisory Authorities by promptly responding to any requests for information and/or further details regarding the reported transactions and persons.

First of all, the identification of suspicious transactions takes place on the basis of a careful and precise analysis of the characteristics, amount, nature of the transactions, the connection or fragmentation, or from any other circumstance known by reason of the functions exercised, also taking into account the economic capacity and the activity carried out by the person to whom it refers, based on the elements acquired as part of the customer due diligence and ongoing updating.

In addition to the regulatory provisions, the Anti-Money Laundering Function refers, for the purpose of analyzing anomalous and potentially suspicious transactions, to the indicators of anomaly established in the “Regulation containing the indicators of anomaly” issued by the Financial Intelligence Unit for Italy on 15/05/2023 as well as the models and schemes of anomalous behaviors issued by the UIF.

The aforementioned Regulation outlines the indicators of anomaly as attributable to the following types:

• Indicators of anomaly connected to the customer;
• Indicators of anomaly connected to the transactions or relationships;
• Indicators of anomaly connected to the means and methods of payment;
• Indicators of anomaly related to transactions in financial instruments and insurance contracts;
• Indicators of anomaly related to terrorism financing.

Based on the sector regulations, the Anti-Money Laundering Function must define the following principles underlying the reporting obligation:

• In the presence of elements of suspicion, personnel, if possible, abstain from carrying out the transaction until they have completed the report to the UIF;
• Personnel are required to report transactions regardless of the relative amount;
• Personnel report rejected, not completed, or attempted suspicious transactions, including transactions whose value is settled in whole or in part at other intermediaries;
• The analysis of the operations of its customers is carried out by personnel, considering the entire duration of the relationship, including any subsequent activities or those coinciding with the expiration/termination of the relationships.

The Anti-Money Laundering Function conducts, in coordination with the H-STR, checks on the functionality of the reporting process and the appropriateness of the evaluations made by the first level on the customer’s operations.

If the outcome of the analysis carried out confirms the presence of elements of suspicion, the H-STR proceeds with the official submission of the suspicious transaction report to the UIF, reporting on the data, information, description of the transactions, and the reasons for the suspicion.

Without prejudice to the above, as regards the suspicious transaction management process and the details of the indicators of anomaly, please refer to the procedure on the matter issued and the operational manuals of the Anti-Money Laundering applications in use.

13.1. Obligations for the protection of the reporting person

In compliance with the provisions on the matter, suspicious transaction reports must be free of the name of the reporting person in order to ensure the confidentiality of the identity of the people who make such a communication.

The H-STR must take care of the retention of the documents and evidence relating to the transactions subject to analysis in which the personal details of the reporting person are indicated and avoid the transmission of this information to third parties outside the cases provided for by the regulations.

The name of the reporting person can only be provided at the request of the judicial authority, with a reasoned decree, when it is considered fundamental for the purpose of ascertaining the crimes for which the proceedings have been initiated.

13.2. Prohibition of communications regarding suspicious transaction reports

Pursuant to the regulations, it is absolutely forbidden for the persons required to report or anyone who is aware of the suspicious transactions to provide information to the customer concerned or to third parties about the fact that a report has been made to the UIF.

The Anti-Money Laundering Function must adopt all necessary measures to guarantee the confidentiality of the identity of the persons who take part in the transaction reporting process.

These criteria apply, towards customers, also with respect to a common refusal to carry out a transaction or, for example, to a request for additional information on the transaction (as in the case where the transaction involves one or more obliged entities), avoiding providing any indication about the resource, the structure from which the prohibition or the request originates, unless expressly authorized by the latter.

Within Young, Article 39, paragraph 5, of Legislative Decree no. 231/07 must be fully applied, which does not prevent, in cases relating to the same customer or the same transaction involving two or more banking and/or financial intermediaries and others, the sharing, for the purpose of preventing money laundering or terrorism financing, of information relating to names that are the subject of a report to the UIF, without prejudice to full compliance with the provisions of articles 42, 43 and 44 of the Personal Data Protection Code.

Data Retention Obligation

In compliance with the provisions on the matter, Young is required to fulfill the obligations of registering and retaining documents, data, and information useful for preventing the proliferation of illicit and criminal activities and for allowing the carrying out of potential analyses by the sector’s Supervisory Authorities.

In this regard, the Anti-Money Laundering Function must establish that the data acquired during customer due diligence and the original of the records and registrations of the transactions carried out by the customer are retained for a period of at least 10 years starting from the termination of the ongoing relationship or from the execution of the occasional transaction.

The Anti-Money Laundering Function therefore undertakes to guarantee, through the retention of the aforementioned documents, evidence of the following data:

• Date of establishment of the ongoing relationship;
• Identifying data of the customer, the beneficial owner, the executor, and the information relating to the purpose and nature of the ongoing relationship;
• Date, amount, and reason for the transaction;
• Means of payment used.

The Anti-Money Laundering Function verifies the reliability of the information system for the correct fulfillment of the retention and registration obligations, defining uniform requirements.

As regards the data retention methods, the Anti-Money Laundering Function undertakes to verify the complete and timely accessibility to the data in the face of inspections or requests from the Authorities as well as the acquisition of at least all the data required by the anti-money laundering Decree within thirty days from the establishment, variation, or closing of the ongoing relationship or from the execution of the transaction.

Following the issuance of the Provisions on Retention, Young has decided to make the information available to the Bank of Italy and the UIF through specific extractions from the computerized retention systems carried out in accordance with the technical standards indicated in Annex No. 1 of said Provisions.

Young has decided, in accordance with Article 8 of the aforementioned provisions, not to apply the dictates of making data and information available as provided for in Articles 5 and 6 for the following entities:

• banking and financial intermediaries referred to in Article 3, paragraph 2, of the anti-money laundering decree, excluding those referred to in letters i), o), s) and v), with registered office in Italy or in another Member State;
• banking and financial intermediaries with registered office in a third country characterized by a low risk of money laundering and terrorism financing, according to the criteria indicated in Annex 1 to the provisions on customer due diligence;
• the entities referred to in Article 3, paragraph 8, of the anti-money laundering decree;
• the provincial treasury of the State or the Bank of Italy.

The Record-Keeping Procedure must incorporate the provisions on data registration and retention set out in this paragraph and activate the appropriate control safeguards.

Aggregate Anti-Money Laundering Reports (SARA) and objective communications

Young is not subject to the obligation to send Aggregate Anti-Money Laundering Reports (SARA) and objective communications to the UIF.

OAM – Quarterly VASP transmissions

Young transmits to the OAM the data relating to the overall operations for each individual customer obtained by taking into consideration all the services provided as a provider of virtual currency services and digital wallet services.

For each customer, the identifying data of the customer and those of his/her operations, in an aggregate form, carried out in the quarter of interest are represented in a digital format.

Communications relating to a specific quarter can be transmitted starting from the first day of the month following the reference quarter and must reach the OAM by the 15th of the month following the reference quarter.

Internal Violation Reporting System

The reference legislation requires entities to have internal procedures for reporting violations of the provisions issued for the prevention of money laundering and terrorism financing (so-called whistleblowing).

In compliance with the legal provisions, the anti-money laundering function adopts specific procedures to facilitate the internal reporting, by employees and collaborators, of potential or actual violations of the provisions on anti-money laundering and the fight against terrorism financing, ensuring:

• the protection of the confidentiality of the identity of the reporting person and the alleged person responsible for the violations, without prejudice to the rules governing investigations and proceedings initiated by the judicial authority in relation to the reported facts;
• the protection of the person who makes the report against retaliatory, discriminatory, or in any case unfair conduct resulting from the report;
• the provision of a specific, anonymous, and independent reporting channel, proportionate to the nature and size of the obliged entity.

Measures to combat terrorism financing

The safeguards aimed at preventing the use of the financial system for terrorism financing must be included in the internal control system defined by the Anti-Money Laundering Function, in compliance with the resolutions issued by the United Nations Security Council pursuant to Chapter VII of the United Nations Charter.

The objective of the regulatory provisions lies in the freezing of funds and economic resources held directly or through an intermediary by persons, groups, and/or entities subject to restrictive measures in compliance with the criteria and procedures defined by the resolutions of the United Nations Security Council or by a Committee designated for this purpose.

The national regulatory framework is represented by Decree 109/2007 and the anti-money laundering Decree, which confirms the validity of the previous provisions.

In order to identify any natural person, legal person, or entity subject to restrictive sanctions, Young must define internal procedures aimed at verifying the belonging of customers, whether occasional and/or already acquired, to the anti-terrorism lists through the IT outsourcer Nordest Technlogy, such as:

• UN or Al-Qaeda List relating to persons involved in acts of international terrorism and subject to restrictive sanctions at the indication of the Security Council;
• Consolidated list of persons, groups, and/or entities subject to fund-freezing measures in the territory of the European Union;
• OFAC List, which lists persons reported by the US Authorities due to their involvement in activities aimed at undermining security and peace both with regard to the United States and foreign countries.

If the aforementioned check reveals that the persons and/or entities are listed in the anti-terrorism lists, Young must undertake to:

• Freeze the sums of the natural and legal persons included in the aforementioned lists that may be identified. These sums cannot therefore be the subject of any act of transfer or management, under penalty of the nullity of such acts;
• Prepare timely information flows to the Anti-Money Laundering Function;
• Carry out any necessary in-depth analyses;
• Evaluate whether the transactions carried out are configured as suspicious and, where necessary, proceed with the report to the UIF.

In compliance with Article 7 “Reporting obligations” of Decree 109, Young also has the duty to:

• Report to the UIF the freezing measures applied to the designated persons, indicating the names, amount, and nature of the funds or economic resources. This information must be provided within 30 days from the date of entry into force of the community regulations or UN resolutions or, if later, from the date of possession of the funds and economic resources;
• Report to the competent Authorities the freezing measures or the existing relationships with the customers included in the lists published by these Authorities as well as the transactions related to terrorism financing;
• Regarding economic resources, provide information to the Special Currency Police Unit of the Guardia di Finanza.

The procedure to follow in such cases is defined in detail by the Anti-Money Laundering Function in the Customer Due Diligence Procedure.

Process for self-assessment of money laundering and terrorism financing risks

International and community regulations have established the obligation for obliged entities to periodically carry out a self-assessment of money laundering and terrorism financing risks.

The cardinal principle of this obligation lies in the adoption of a risk-based approach, which reflects the real exposure of the obliged entity and in the refinement of the safeguards with respect to the changing market conditions.

The Italian legislator has regulated this obligation pursuant to Article 15 of the anti-money laundering Decree and the Bank of Italy has detailed it further in the Organization regulation in Part VII.

In compliance with the regulations in force, the risk self-assessment process at Young is articulated in the following three macro-phases:

• Identification of inherent risk: evaluation of the current and potential risks of money laundering and terrorism financing to which Young is exposed;
• Vulnerability analysis: analysis of the adequacy and effectiveness of the apparatus and the prevention and combat safeguards adopted by Young with respect to the previously identified risks in order to identify any vulnerabilities;
• Determination of residual risk: identification of the residual risk to which Young is exposed and related mitigation actions proposed following the exercise, also in relation to the vulnerabilities found.

This exercise is coordinated by the Anti-Money Laundering Function, which is responsible for the following actions:

• Definition of methodological guidelines on risk self-assessment;
• Supervision and consolidation of the results that emerged;
• Evaluation of the residual risk within the Report to be sent to the Authorities.

The results of the self-assessment intervention must be included in the annual Report produced by the Anti-Money Laundering Function.

To complete the above, the Anti-Money Laundering Function will consider, in defining its internal methodology for self-assessment purposes, the Bank of Italy’s Provisions on the matter.

The results of the self-assessment expressed in the annual report as well as the annual judgments expressed to the BoD by the Anti-Money Laundering Function are taken into consideration by the BoD, the CEO, and the BSA in order to eventually update this Policy.

Training

Young promotes and organizes specific training programs aimed at raising awareness among all employees, collaborators, and Corporate Bodies regarding the roles and responsibilities deriving from the obligations provided for by the regulations on anti-money laundering and terrorism financing and the related behaviors, procedures, and tools to be adopted to comply with these provisions.

The training programs take into account the evolution of the relevant regulatory context and are differentiated by role and function with particular reference to the personnel belonging to the Anti-Money Laundering Function and to the employees and collaborators who carry out activities sensitive from the point of view of money laundering and terrorism financing risk or are in any case involved in the suspicious transaction reporting process.

These members of the personnel are required to be continuously updated on the evolution of money laundering risks and the typical schemes of criminal financial transactions.

In this context, particular attention in the preparation of training programs is paid to the topic of customer due diligence and the recognition and evaluation of transactions connected to money laundering or terrorism financing.

For this purpose, Young must promote:

• training activities dedicated to the methods of carrying out due diligence with particular reference to enhanced ones, as well as the sharing of case studies with the aim of standardizing the criteria for identifying and evaluating suspicious transactions;
• specific awareness-raising actions in relation to areas that present greater critical profiles in order to ensure a uniform approach.

The anti-money laundering training programs must be prepared by the Anti-Money Laundering Function.

At the end of the training sessions, the effectiveness of the training must be evaluated.

Information Flows

21.1. Information Flows to Corporate Bodies

Given the responsibilities of Young’s BoD, CEO, and BSA with reference to the management of money laundering and terrorism financing risk, these bodies must be periodically informed by the Anti-Money Laundering Function about the level of risk oversight.

The main reporting flows are summarized below:

For a detail of the information flows to other Control Functions, please refer to the Anti-Money Laundering Manual.

Glossary

• Freezing of funds – prohibition, by virtue of community regulations and national law, of the movement, transfer, modification, use, and management of funds or access to them, so as to modify their volume, amount, location, ownership, possession, nature, destination, or any other change that allows the use of the funds, including portfolio management.
• Identifying data – the name and surname, place and date of birth, registered residence and domicile, if different from the registered residence, the details of the identification document and, where assigned, the tax code or, in the case of entities other than a natural person, the name, registered office and, where assigned, the tax code;
• Cash – banknotes and metal coins, in euros or foreign currencies, that are legal tender;
• Anti-Money Laundering Function (or AML) – the Corporate Function responsible for continuously verifying that corporate procedures are consistent with the objective of preventing and combating the violation of hetero-regulation (laws and regulatory norms) and self-regulation norms regarding money laundering and terrorism financing.
• Corporate Control Functions – the Corporate Functions responsible for 2nd level controls (Compliance, Risk Management, Anti-Money Laundering) and 3rd level controls (Internal Audit).
• Control Functions – the set of Functions that by legislative, regulatory, statutory, or self-regulatory provision have control duties.
• GAFI – Financial Action Task Force
• Means of payment – cash, bank and postal checks, cashier’s checks and other checks assimilable or comparable to them such as bank drafts, postal orders, credit or payment orders, credit cards and other payment cards, transferable insurance policies, pledge policies, and any other instrument that allows the transfer, movement, or acquisition, including electronically, of funds, values, or financial assets. The source of this definition is Article n. 1, paragraph 2, sub.i, of the anti-money laundering Decree;
• Fragmented transaction – a single transaction from an economic value perspective, of an amount equal to or greater than the limits established by the current provisions, carried out through multiple transactions, individually lower than the aforementioned limits, carried out at different times and in a limited period of time set at seven days, without prejudice to the existence of the fragmented transaction when there are elements to consider it as such;
• Occasional transaction – a transaction not attributable to an existing ongoing relationship;
• Transaction – the activity consisting of the movement, transfer, or transmission of means of payment or the performance of legal acts with a patrimonial content; the stipulation of a legal act, with a patrimonial content, falling within the exercise of professional or commercial activity also constitutes a transaction;
• Corporate Bodies – BoD, CEO and Board of Statutory Auditors
• High-risk third countries – Countries not belonging to the European Union whose legal systems have strategic deficiencies in their respective national anti-money laundering and terrorism financing regimes, as identified by the European Commission in the exercise of the powers referred to in articles 9 and 64 of the directive;
• Politically Exposed Persons (i.e. PEP) – natural persons who hold or have ceased to hold for less than one year important public offices, as well as their family members and those who are notoriously in close relationship with the aforementioned persons, as listed below:
• natural persons who hold or have held important public offices are those who hold or have held the office of: President of the Republic, Prime Minister, Minister, Deputy Minister and Undersecretary, President of a Region, regional councilor, Mayor of a provincial capital or metropolitan city, Mayor of a municipality with a population of not less than 15,000 inhabitants as well as similar offices in foreign states; Deputy, senator, European parliamentarian, regional councilor as well as similar offices in foreign states; member of the central management bodies of political parties; judge of the Constitutional Court, magistrate of the Court of Cassation or the Court of Auditors, state councilor and other members of the Council of Administrative Justice for the Sicilian Region as well as similar offices in foreign states; member of the management bodies of central banks and independent authorities; ambassador, chargé d’affaires or equivalent offices in foreign states, senior officer of the armed forces or similar offices in foreign states; component of the administration, management, or control bodies of companies controlled, even indirectly, by the Italian State or by a foreign State or in which the Regions, provincial capitals and metropolitan cities and municipalities with a total population of not less than 15,000 inhabitants have a majority or total stake; general manager of an ASL and a hospital company, a university hospital company and other national health service entities. director, deputy director, and member of the management body or person performing equivalent functions in international organizations;
• family members of politically exposed persons are: parents, spouse or person linked in a civil union or de facto cohabitation or similar institutions to the politically exposed person, children and their spouses as well as persons linked to the children in a civil union or de facto cohabitation or similar institutions;
• persons with whom politically exposed persons are notoriously in close relationship are: natural persons linked to the politically exposed person due to joint beneficial ownership of legal entities or another close business relationship; natural persons who hold only formally the total control of an entity notoriously established, in fact, in the interest and for the benefit of a politically exposed person;
• Ongoing relationship – the definition of ongoing relationship includes relationships that meet the following criteria: i) existence of an ad-hoc contract with the customer and therefore not connected to an accessory service; ii) temporal character of the duration of the relationship; iii) faculty of movement or transfer of means of payment; iv) faculty of carrying out multiple transactions on the same relationship by the customer.
• Head of Suspicious Transaction Reports (or H-STR) – the person responsible for the activity of evaluating suspicious transaction reports received and transmitting to the Financial Intelligence Unit (UIF) the reports deemed founded.
• Money laundering and terrorism financing risk – reference is made to the definitions contained in this Policy.
• Funds transfer – a transaction carried out at least partially by electronic means on behalf of an originator by a payment service provider, for the purpose of making the funds available to the beneficiary through a payment service provider, regardless of whether the originator and the beneficiary are the same person and whether the originator’s and the beneficiary’s payment service provider are the same, including: a) credit transfer, as defined in Article 2, point 1), of Regulation (EU) no. 260/2012; b) direct debit, as defined in Article 2, point 2), of Regulation (EU) no. 260/2012; c) money remittance, as defined in Article 4, point 13), of Directive 2007/64/EC, national or cross-border; d) transfer made using a payment card, an electronic money instrument or a telephone.
• UIF – the Financial Intelligence Unit for Italy
• Wallet (or digital wallet) – a wallet is a secure digital wallet used to store, send, and receive digital currency.ù

1. Internal procedures concerning customer due diligence obligations and record-keeping, as well as systems for the detection, assessment, and reporting of suspicious transactions, aimed at the effective identification of other situations subject to mandatory reporting, and at the proper retention of documentation and evidence required by law.
2. i) stockbrokers referred to in Article 201 of the TUF
   o) insurance intermediaries referred to in Article 109, paragraph 2, letters a), b) and d), of the CAP, operating in the business lines referred to in Article 2, paragraph 1, of the CAP;
   s) trust companies registered in the register pursuant to Article 106 of the TUB;
   v) financial advisors referred to in Article 18-bis of the TUF and financial advisory firms referred to in Article 18-ter of the TUF.