Governance and risk management policy for money laundering and terrorist financing pursuant to Legislative Decree 231/2007 and subsequent amendments and additions
- Approved by: Board of Directors
- Updated on: 27.12.2021
- Version: 1.02 Update following the change of legal form of Young from S.r.l. to S.p.a.
Young Platform S.p.a.
Young Platform S.p.a., Via Cigna 96/17, 10155, Turin, Italy, tax code and VAT no. 11931440017 (hereinafter simply ‘Young’).
Young is among the obliged entities defined in Legislative Decree231/2007 (hereinafter the ‘Decree’) in Article 3(5), letters
- i) service providers relating to the use of virtual currency;
- i-bis) providers of digital wallet services.
As defined in Article 1(2), letters
- ff) service providers relating to the use of virtual currency: any natural or legal person that provides professional services to third parties (including online) for the use, exchange or storage of virtual currencies and their conversion from or into legal tender currencies or digital representations of value, including those convertible into other virtual currencies, as well as services for issuing, offering, transferring and clearing and any other service for acquisition, negotiation or intermediation in the exchange of said currencies;
- ff-bis) prestatori di servizi di portafoglio digitale: any natural or legal person that provides professional services to third parties (including online) for the protection of private cryptographic keys on behalf of their customers, in order to hold, store and transfer virtual currencies.
All Young staff.
For the purposes of the Anti-Money Laundering Decree, money laundering means:
- the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such activity to evade the legal consequences of that person’s action;
- the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;
- the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such an activity;
- participation in any of the actions referred to in points a), b) and c), association to commit such an action, attempts to commit and aiding, abetting, facilitating and counselling their commission.
Money laundering is regarded as such even where the activities that generated the property to be laundered were carried out beyond national borders. The knowledge, intent or purpose of money laundering activities may be inferred from objective factual circumstances.
Terrorist financing means any activity intended, by any means whatsoever, to supply, collect, provide, intermediate, deposit, protect or disburse funds and economic resources, directly or indirectly, in whole or in part, that could be used to commit one or more acts of terrorism according to criminal law, regardless of the actual use of the funds and economic resources for the commission of the aforementioned acts.
Money laundering and terrorist financing are therefore criminal activities that, due in part to their possible international nature, represent a serious threat to the legal economy and can have destabilising effects, especially for the banking and financial system.
The soundness, integrity and stability of credit and financial institutions, as well as confidence in the financial system as a whole, could be seriously jeopardised by the efforts of criminals and their associates either to disguise the origin of criminal proceedings or to channel lawful or unlawful money for terrorist purposes.
Young responds in a responsible manner to the complexity and danger of these phenomena by devoting the utmost attention to actions and tools intended to combat them, in the knowledge that the quest for profitability and efficiency must be combined with continuous and effective monitoring of the integrity of the company’s structure.
For this reason, the involvement of the corporate bodies is a priority, as is their fulfilment of the obligations incumbent upon them. In particular, it is the responsibility of the Board of Directors (hereinafter also the BoD) to identify policies to govern the risk of money laundering and terrorist financing as appropriate to the extent and type of risk profiles to which Young’s operations are exposed in practice.
This ‘Governance and risk management policy for money laundering and terrorist financing’ (hereinafter also ‘Policy’) therefore aims to define the measures, roles and responsibilities, the organisational and operational model, and the information flows for the governance and risk management of money laundering and terrorist financing within Young, in full compliance with the relevant external legislation.
The unambiguous definition of the elements characterising the management of the risk of money laundering and terrorist financing at Young, and the guidelines that must be respected in carrying them out, are the fundamental prerequisite in order to guarantee uniform behaviour across the company.
Scope, approval and updates
The Policy is addressed to all Young’s corporate bodies and its staff.
This Policy is approved by Young’s BoD and is updated whenever there are significant organisational modifications or changes to the relevant regulatory context. The Anti-Money Laundering Officer subsequently evaluates and submits any relevant updates to the BoD for approval.
This Policy governs the regular and ordinary execution of processes and any extraordinary intervention powers by the Anti-Money Laundering Function.
This document should be read in conjunction with the following internal regulations:
- Anti-Money Laundering Manual;
- Due Diligence Procedure;
- Storage Procedure;
- Suspicious Transaction Reporting Procedure;
- Internal Violation Reporting Procedure.
The governance and risk management policy for money laundering and terrorist financing is part of the following general provisions:
- The relevant regulatory framework and the related measures to combat money laundering and terrorist financing adopted at Young;
- The duties and responsibilities of the Corporate Bodies, the Anti-Money Laundering Function, the Suspicious Transaction Reporting Officer, and the other Corporate Functions involved in managing the risk of money laundering and terrorist financing;
- The main information flows necessary for the functioning of the governance and risk management model.
Main regulatory references
In order to prevent and combat money laundering and terrorist financing, in recent years there has been significant harmonisation and strengthening of the relevant legislation at the international level. This is essential in an increasingly competitive and globalised market affected by technological and financial innovations that have greatly expanded the playing field and the tools available to those intending to carry out money laundering or terrorist financing activities.
In view of the fact that money laundering and terrorist financing operations often take place at the international level, the relevant regulations consist of a framework of sources represented by international conventions, recommendations drawn up by the international Financial Action Task Force (FATF-GAFI) and by EU legislation and subject to implementation at national level by the Member States, and implementing provisions issued by the competent national supervisory authorities.
The organisational choices made by Young and this document itself reflect European rules as well as national laws and regulations.
Young is not among the addressees of the Bank of Italy’s secondary legislation, nor secondary legislation from other supervisory authorities.
In view of this regulatory uncertainty, Young has decided to use the secondary legislation of the Bank of Italy as a point of reference, adapting to it as far as possible according to the principle of proportionality, in line with the nature, size and complexity of its operations and the type and range of services provided.
In particular, the EU and local requirements and recommendations derive from:
- Legislative Decree no. 231 of 21 November 2007 (Decree) and subsequent amendments and additions (in particular, see Legislative Decree no. 90 of 25 May 2017 and Legislative Decree no. 125 of 4 October 2019);
- The Joint Guidelines of the European Supervisory Authorities on simplified and enhanced customer due diligence and risk factors, published on 4 January 2018;
- Directive (EU) 2015/849 (so-called ‘4th Anti-Money Laundering Directive’) of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No. 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC. The regulation expanded the objective scope of application of anti-money laundering legislation, combining terrorist financing with the activity of laundering money derived from criminal activity;
- Directive (EU) 2018/843 (so-called ‘5th Anti-Money Laundering Directive’) of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU;
- Communication from the Bank of Italy on the identification and enhanced due diligence of Politically Exposed Persons: good practices and critical issues detected in the control activity, of 31 January 2018;
- Provisions on organisation, procedures and internal controls aimed at preventing the use of intermediaries for the purposes of money laundering and terrorist financing, issued by the Bank of Italy on 26 March 2019, which identify a clear and defined framework for the role of corporate bodies in managing the risk of money laundering and provide guidance to intermediaries on organisational, procedural and control measures for countering money laundering and terrorist financing, enhancing (among other things) the role and responsibilities of the Anti-Money Laundering Function and the Anti-Money Laundering Officer;
- The implementing provisions on customer due diligence (known in Italy as the ‘AVC Provisions’) issued by the Bank of Italy on 30 July 2019, which specify the practical methods for the fulfilment of due diligence obligations and the principle of the approach to risk as well as clarifying the roles of the Beneficial Owner and Politically Exposed Persons;
- Legislative Decree no. 109 of 22 June 2007 and subsequent amendments and additions concerning measures to prevent, combat and suppress the financing of terrorism and the activities of countries that threaten international peace and security, implementing Directive 2005/60/EC;
- Provisions for the storage and sharing of documents, data and information to combat money laundering and terrorist financing, issued by the Bank of Italy on 24 March 2020;
- Abnormal use of virtual currencies issued by the FIU on 29 May 2019;
- Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, issued by the FATF in June 2019.
AML roles and responsibilities
In order to mitigate the risk of Young’s involvement in money laundering and/or terrorist financing, it is of the utmost importance that corporate bodies be involved and obligations be properly fulfilled.
The following sections provide a detailed description of the duties and responsibilities of Young’s corporate bodies in regard to anti-money laundering.
8.1. Board of Directors
The BoD is responsible for defining the overall governance and risk management model for money laundering and terrorist financing.
It is the BoD’s responsibility to approve this Policy and the organisational model for the governance and management of this risk.
In particular, the BoD:
- approves and periodically reviews the strategic guidelines and policies for the management of risks related to money laundering; in accordance with the risk-based approach, the policies are appropriate to the extent and type of risks to which Young’s operations are exposed in practice;
- approves a policy that illustrates and explains the choices made by Young at various significant levels regarding organisational structures, procedures and internal controls, due diligence and data storage, in line with the principle of proportionality and the company’s actual exposure to the risk of money laundering (so-called Anti-Money Laundering Policy);
- approves the establishment of the Anti-Money Laundering Function by identifying its duties and responsibilities as well as the methods for coordinating and collaborating with the company’s other control functions;
- approves the guidelines for a comprehensive and coordinated system of internal controls regarding the early detection and management of money laundering risk, and ensures its effectiveness over time;
- approves the principles for managing relations with ‘high-risk’ customers;
- appoints and dismisses the Suspicious Transaction Reporting Officer and the Anti-Money Laundering Officer, after consulting the internal control body;
- ensures that duties and responsibilities regarding anti-money laundering are allocated in a clear and appropriate manner, ensuring that the operational and control functions are distinct and that they are provided with adequate resources in terms of quality and quantity;
- ensures that there is an adequate, complete and timely system of information flows to corporate bodies and between control functions;
- ensures that confidentiality is protected as part of the suspicious transaction reporting procedure;
- at least once a year, examines the reports concerning the activities carried out by the Anti-Money Laundering Officer and the controls carried out by the competent functions, as well as the document on the results of the money laundering risk self-assessment;
- ensures that it is promptly informed of the shortcomings and faults identified as a result of controls at various levels and promotes the adoption of suitable corrective measures, assessing their effectiveness;
- assesses the risks resulting from transactions with third countries associated with a higher risk of money laundering, identifying the means of mitigating said risk and monitoring their effectiveness.
8.2. Chief Executive Officer
As a body with a management function, Young’s Chief Executive Officer:
- oversees the implementation of the strategic guidelines and policies for the governance of money laundering risk approved by the BoD, and is responsible for the adoption of all measures;
- defines and oversees the implementation of an internal control system for the prompt detection and management of money laundering risk and ensures its effectiveness over time, in line with the results of the risk self-assessment exercise;
- ensures that operational procedures and IT systems allow for the proper fulfilment of obligations relating to customer due diligence and document and information storage;
- with regard to suspicious transaction reporting, defines and oversees the implementation of a procedure appropriate to the specific aspects of the company’s activity, size, and complexity, in accordance with the principle of proportionality and the risk-based approach;
- also adopts measures aimed at ensuring the confidentiality of the reporting procedure as well as tools, including computerised ones, for the detection of abnormal transactions;
- defines the anti-money laundering policy submitted to the strategic supervisory body for approval, and oversees its implementation;
- defines and implements the information-sharing procedures aimed at ensuring awareness of the risk factors in all the company structures involved and in the bodies with control functions;
- defines and oversees the implementation of the procedures for managing relations with ‘high-risk’ customers, in line with the principles established by the strategic supervisory body;
- establishes training programmes for staff on the obligations set out in the anti-money laundering legislation; this training must be ongoing and systematic and must take into account the evolution of the legislation and the procedures drawn up by Young;
- establishes suitable tools that enable the verification of the activities carried out by staff, with the aim of detecting any anomalies that arise from, among other things, their behaviour, the type of communications addressed to contacts and to company structures, and the relations between staff and customers;
- ensures, in the case of remote operations (e.g. those carried out through digital channels), the adoption of specific IT procedures for compliance with anti-money laundering legislation, with particular reference to the automatic identification of anomalous transactions;
- oversees the implementation of the initiatives and procedures necessary to ensure timely reporting to the authorities as set out by legislation.
8.3. Board of Statutory Auditors
The Board of Statutory Auditors (hereinafter also BSA) monitors the completeness, adequacy, functionality and reliability of the internal control system in its entirety and therefore also the model for the governance and management of risks related to money laundering and terrorist financing, ensuring that all functions involved are adequate and that duties are performed correctly and coordinated as appropriate.
In performing its duties, this body uses internal structures to carry out the necessary checks and investigations and uses information from the other corporate bodies, from the Anti-Money Laundering Officer and from the other internal control functions.
In this regard, the BSA:
- evaluates the suitability of the procedures in place for customer due diligence, information storage, and suspicious transaction reporting;
- notifies the Suspicious Transaction Reporting Officer (hereinafter also STR Officer) without delay of potentially suspicious transactions of which it has become aware in the course of exercising its functions;
- informs the industry’s Supervisory Authorities and the administrations and bodies concerned (by virtue of their respective powers) without delay of any events or actions of which it becomes aware that may constitute serious, repeated or multiple violations of legal provisions and the corresponding implementing provisions in this regard;
- encourages further investigation into the reasons for shortcomings, anomalies and irregularities, and promotes the adoption of appropriate corrective measures;
- expresses its opinion regarding decisions on the appointment of the Anti-Money Laundering Officer and on the definition of the elements constituting the overall architecture of the system for managing and controlling the risk of money laundering and terrorist financing.
8.4. Internal Audit Function
The Internal Audit Function (hereinafter also IA) is the third line of defence for control activities, aimed at assessing the completeness, adequacy, functionality and reliability of Young’s internal control system by providing recommendations to the Corporate Bodies based on the results of its checks.
To prevent and combat the use of the financial system for money laundering and terrorist financing purposes, IA continuously checks that Young’s organisational structure is adequate, verifies that it complies with the pro tempore regulations in place, and oversees the functioning of the internal control system.
Among other things, the IA, through systematic checks including inspections, verifies:
- continuing compliance with due diligence obligations, both at the point of establishing the relationship and as the relationship develops over time;
- the effective acquisition and orderly storage of data and documents in accordance with legal provisions;
- the actual degree to which employees and contractors, as well as the heads of central and peripheral structures, are involved in implementing ‘active cooperation’ obligations.
Remote and direct inspection activities are subject to planning to allow all operating structures to be audited within a reasonable period of time and to allow structures that are most exposed to the risks of money laundering and relationships with a ‘high’ risk profile to be examined more frequently.
In addition, the IA periodically verifies the suitability and effectiveness of the Anti-Money Laundering Function.
The results of the IA’s operations are shared with the Anti-Money Laundering Officer.
The IA also carries out follow-ups to ensure the adoption of corrective measures regarding any shortcomings and irregularities identified, as well as their suitability in preventing similar situations in the future.
In accordance with the principle of proportionality, the responsibility for the function has been attributed to a director, Mariano Carozzi, who is the holder of specific powers regarding controls and who is not the holder of other powers that may affect his autonomy.
8.5. The Anti-Money Laundering Function
Young has established the Anti-Money Laundering Function (hereinafter also AMLF) responsible for preventing and combating the execution of money laundering operations. This function is organised in accordance with the principle of proportionality; in any case, the AMLF is independent and is equipped with suitable resources in terms of both quality and quantity for the duties it carries out, which can also be activated independently.
The AMLF reports directly to the BoD, the CEO and the BSA and has access to all Young’s activities as well as any information relevant to the performance of its duties.
The staff who carry out AMLF tasks are adequate in terms of number and technical/professional skills and are kept up to date in the field, including through ongoing training programmes.
The AMLF continuously verifies that the company’s procedures are consistent with the goal of preventing and combating violations of the anti-money laundering regulations. To this end, the function:
- identifies the applicable regulations and assesses their impact on internal processes and procedures;
- collaborates in defining the internal control system and procedures aimed at preventing and combating money laundering risks;
- continuously verifies the adequacy of the money laundering risk management process and the suitability of the internal control system and procedures, and proposes organisational and procedural changes aimed at ensuring adequate control over money laundering risks;
- in conjunction with the STR Officer, conducts checks on the functionality of the reporting process and the adequacy of the assessments made on customer operations;
- collaborates in defining the money laundering risk governance policies and the various phases of the risk management process;
- in conjunction with the other corporate functions concerned, conducts the annual self-assessment exercise concerning the money laundering risks to which Young is exposed;
- provides support and assistance to the corporate bodies and senior management;
- assesses in advance the money laundering risk connected to the offering of new products and services;
- verifies the reliability of the IT system with regard to the fulfilment of obligations concerning customer due diligence, data storage and suspicious transaction reporting;
- sends the aggregate data concerning Young’s overall operations to the FIU on a monthly basis. For the moment, Young is not among the entities obliged to send aggregate data to the FIU;
- in conjunction with the other corporate functions responsible for training, prepares a suitable training plan aimed at providing ongoing refresher training to staff;
- promptly informs the corporate bodies of any violations or significant shortcomings identified in carrying out its duties;
- sets up information flows to corporate bodies and senior management.
Young has assigned responsibility for carrying out enhanced due diligence to the internal officer and to the outsourced officer for this function.
The AMLF draws up and sends the anti-money laundering manual to the BoD, the CEO and the BSA. The document, which is continuously updated, is available and easily accessible to all staff.
The AMLF pays particular attention to: the adequacy of internal systems and procedures regarding customer due diligence and storage obligations as well as systems for identifying, assessing and reporting suspicious transactions; the effective detection of other situations subject to reporting obligations; and the appropriate storage of the documentation and evidence required by law.
In conjunction with the Internal Audit function, the AMLF can carry out sample checks to verify the effectiveness and functionality of internal systems and procedures and identify any areas with critical issues.
At least once a year, the AMLF shall submit to the BoD, the CEO and the BSA a report on the initiatives adopted, the shortcomings identified and the corresponding corrective measures to be taken, as well as on staff training. The report also includes the results of the self-assessment exercise conducted pursuant to Part Seven of the Bank of Italy’s provisions on organisation, procedures and internal controls.
The AMLF collaborates with the Authorities referred to in Title I, Chapter II of the Anti-Money Laundering Decree.
8.5.2. Responsibility for the function
Young has decided to outsource responsibility for the Anti-Money Laundering Function to the company Arkes S.r.l., represented by Mr Ettore Valsecchi, who fulfils the appropriate requirements of independence, authority and professionalism.
The Anti-Money Laundering Officer (hereinafter also AMLO) falls within the category of corporate control function officers. The BoD is responsible for appointing and revoking this role (with adequate justification).
The AMLO reports directly to the corporate bodies, without restrictions or intermediation.
The AMLO is placed in an appropriate hierarchical/functional position and has no direct responsibilities for operational areas, nor is he hierarchically dependent upon persons responsible for these areas.
Staff called upon to cooperate with the AMLF report directly to the AMLO for matters pertaining to the corresponding tasks.
8.6. Suspicious Transaction Reporting Officer
The Suspicious Transaction Reporting Officer (hereinafter STR Officer), appointed by BoD decision, is Alessandro Perillo.
The STR Officer fulfils the appropriate requirements of independence, authority and professionalism and carries out his activities with independent judgment and in compliance with the confidentiality obligations set out by the Anti-Money Laundering Decree, including in dealings with representatives and other corporate functions.
The role of the STR Officer is suitably formalised and reported within the structure.
The appointment and dismissal of this Officer are communicated promptly to the FIU according to the methods specified by the latter.
The STR Officer is responsible for:
- assessing, in the light of all available evidence, suspicious transactions reported by staff;
- assessing, in the light of all available evidence, suspicious transactions of which he otherwise becomes aware within the scope of his activities;
- submitting any reports deemed to be justified to the FIU, without giving the names of the persons involved in the transaction-reporting procedure;
- retaining evidence of the assessments carried out as part of the procedure, even if no report is sent to the FIU.
The STR Officer:
- acquires all useful information internally;
- has free access to information flows directed to significant corporate bodies and structures for the prevention and combating of money laundering (e.g. requests received from the judicial authority or investigative bodies);
- also uses any evidence that can be inferred from freely accessible information sources in his assessments.
The STR Officer must be familiar with and rigorously and effectively apply instructions, frameworks and indicators issued by the FIU; he acts as a point of contact with the FIU, responding promptly to any requests for further information.
The STR Officer communicates the outcome of his assessment to the first-level staff member that made the report, using suitable organisational procedures to ensure compliance with the confidentiality obligations set out in the Anti-Money Laundering Decree.
In compliance with the confidentiality obligations set out in the Anti-Money Laundering Decree regarding the identity of the persons taking part in the transaction reporting procedure, the STR Officer updates the risk profile of the reported customers.
8.7. Coordination with other Corporate Control Functions
The Anti-Money Laundering Function is part of the overall framework of the internal control system. The interaction between this function and the other control functions is therefore part of the more general coordination between all structures with control responsibilities in order to ensure the correct functioning of the internal control system on the basis of fruitful interaction, avoiding overlapping or control shortcomings.
The value generated by the Anti-Money Laundering Function is therefore greater the stronger the synergies established with the other stakeholders in the internal control system. In fact, the collaboration between these functions allows the Anti-Money Laundering Function to develop its risk management methodologies in a manner consistent with the company’s strategies and operations, designing processes compliant with the legislation and providing consultancy.
In assessing the adequacy of internal systems and procedures, the Anti-Money Laundering Function can carry out, in conjunction with the IA, on-site checks on a sample basis to verify the effectiveness and functionality of these systems and procedures and to identify any areas with critical issues.
Anti-money laundering measures and guidelines
Young is always committed to spreading a culture of preventing and mitigating money laundering and terrorist financing.
Young’s Anti-Money Laundering Function ensures the proper coordination of safeguards for the prevention and combating of money laundering and terrorist financing, in compliance with the pro-tempore regulations in force.
At Young, action to prevent and combat money laundering and terrorist financing is implemented based on the following measures:
- Customer due diligence;
- Attributing a money-laundering risk profile to customers;
- Recording activities and transactions and storing the related supporting documents;
- Adopting organisational procedures and internal controls;
- Monitoring and reporting any suspicious transactions;
- Staff training.
9.1. Customer due diligence measures
The key activity in anti-money laundering legislation is due diligence, which represents one of the major requirements imposed on obliged entities, because of both the control activities that must be established to execute it and the activities that – depending on its outcome – the obliged entities are then required to perform.
The customer due diligence process is made up of a sequence of multiple activities. Some of these are carried out when establishing a relationship with customers (such as identification, verification of the identity and authenticity of the documents presented by the customer), while others are intended to be continuously applied for the entire duration of the relationship (in particular, monitoring the transactions carried out and assessing their consistency with the customer’s economic/institutional profile).
Customer due diligence aims to obtain in-depth knowledge of the customer’s economic (and possibly financial) profile in order to subsequently analyse and evaluate whether the transactions requested are consistent with the identified profile. These measures are proportionate to the level of money laundering and terrorist financing risk identified at the onboarding stage and on an ongoing basis.
In line with the Risk-Based Approach (hereinafter also RBA), Young scales its customer due diligence activities by calibrating them based on the money laundering risk associated with the individual customer, the business relationship, the product or the transaction in question. It therefore applies the measures on three levels: ordinary, enhanced or simplified obligations depending on the level of risk.
The ordinary due diligence measures adopted at Young have been designed to encompass the necessary and sufficient information to cover the risks identified in the risk self-assessment.
9.1.1. Breakdown of customers
Young has decided to classify its customers differently depending on the stage reached in the onboarding process:
The onboarding due diligence process (acceptance of a new customer) at Young is divided into three steps:
- Registration on the platform;
- Customer identification and verification (KYC);
- Execution of the first financial transaction.
Subjects classified in this category have completed the platform registration process but have not yet completed the identification and verification (KYC) process: for this reason, Young has decided not to consider them as ‘customers‘ since the data provided by the subject is not only insufficient for any checks but is also not reliable, as it is provided by the customer without any possibility of verification.
Subjects classified in this category are registered on the platform and have passed the KYC identification and verification phase. They have therefore been identified and sufficient information has been gathered to fulfil the due diligence obligations. However, subjects classified in this category are not operational, and for this reason, Young has decided not to consider them as customers.
Subjects classified in this category have passed the KYC phase and have carried out at least one financial transaction with Young.
Young has decided to consider as customers only subjects in this category, i.e. subjects who have completed the due diligence process and have carried out at least one financial transaction with Young.
9.1.2. Customer acceptance policy
Young onboards its customers electronically.
For ethical reasons, Young does not accept potential customers that belong to the following categories or that have certain characteristics.
Customers excluded by country:
Customers residing in high-risk third countries, i.e. non-EU countries whose jurisdictions have strategic deficiencies in their national anti-money laundering and counter-terrorist financing regimes, as identified by the European Commission in exercising the powers referred to in Articles 9 and 64 of the Directive.
- American Samoa
- North Korea
- Puerto Rico
- Saudi Arabia
- Trinidad and Tobago
- US Virgin Islands
Customers excluded by economic activity:
As an ethical choice made by the BoD, Young does not accept as a customer any company or entity operating in the following sectors:
- Arms production and trade
- Trade in animals or animal products such as ivory, fur and leather
- Subjects other than natural persons controlled, directly or indirectly, by companies with their registered offices in a tax haven or in a third country or territory considered high-risk as per the lists issued and updated periodically;
- Customers predominantly operating in economic activities related to sectors that are particularly exposed to the risk of corruption (by way of example but not limited to: public procurement, waste disposal, gold trade) identified by the Anti-Money Laundering Function.
Finally, to prevent risks of tax fraud linked to so-called ‘shell corporations’, Young does not accept as customers simplified limited liability companies that have not yet filed their first financial statements.
9.1.3. Acceptance policy for customers that are victims of ‘ransomware’
Ransomware is a malicious computer program (‘malware’) that can ‘infect’ a digital device (PC, tablet, smartphone, smart TV), blocking access to all or some of its content (photos, videos, files, etc.) and then asking for a ransom to be paid to ‘unlock’ them.
The payment request, with the corresponding instructions, usually appears in a window that opens automatically on the screen of the infected device. The user is threatened that he or she only has a few hours or days to make the ransom payment, otherwise the content will remain blocked permanently.
Ransomware victims may turn to Young to convert a certain amount of fiat currency into virtual currency in order to be able to pay the ransom, which is often collected through this type of transfer.
With regard to ransomware victims who request the opening of a Young account with a high amount limit in order to pay this ransom, Young has decided to provide its services under the following conditions:
- That the blackmail is real and is not being used as an attempt to conceal;
- That the payment is made exclusively through the opening of an account with Young, and that the customer, through this account, independently makes the payment required.
Please refer to the Due Diligence Procedure for more details on the actions that the company must take in such cases.
9.1.4. Cash transactions
Young never operates directly in cash; however, through points of sale run by authorised partners, customers can deposit small amounts of cash into their account by handing them in at a point of sale. Please refer to the Due Diligence Procedure for details.
9.1.5. Specific measures for remote transactions
Remote transactions are those carried out where the customer is not physically present alongside Young’s staff or other personnel appointed by Young, at Young’s premises or elsewhere (e.g. through telephone or computer communication systems); when the customer is not a natural person, it is considered to be present when its executor is.
Young always operates remotely, both in establishing an ongoing relationship and for occasional transactions (e.g. purchase of virtual currency against legal tender currency, with a simultaneous transfer to a digital wallet not under Young’s control).
In view of this remote operation, especially with new customers, identification must be carried out in such a way as to provide certainty regarding their identity.
In view of new technologies and their ongoing evolution, the BoD asks the Anti-Money Laundering Function and the Control Committee to define remote identification methods and to report the results and any subsequent changes to the BoD.
Detailed instructions on carrying out due diligence remotely, both for establishing a relationship (onboarding) and for the provision of transactions, are provided in the Due Diligence Procedure.
9.1.6. Specific risk factors inherent to the country or geographical area
Young places particular importance on analysing the risk factors relating to the country or geographical area connected to the transactions carried out by customers.
In particular, it carefully analyses transactions where funds are received from or sent to third countries associated with terrorist activities or where the funds used in the ongoing relationship were produced in a third country.
For Young, the term ‘high-risk countries’ has a double meaning:
- Customers residing in high-risk countries
- Relationships, transactions (both incoming and outgoing) involving high-risk countries
The Customer Acceptance Policy excludes customers residing in high-risk countries (as identified by the European Commission).
Young mainly operates with customers residing in the EEA, with a small number of customers residing in third countries.
The BoD recommends operating with caution and maximum safety with regard to third countries.
The Anti-Money Laundering Function and the Control Committee are responsible for adopting appropriate safeguards and reporting to the BoD on the results and any subsequent changes.
9.1.7. Ordinary due diligence obligations
The legislation requires due diligence obligations to be fulfilled in the following cases:
- when an ongoing relationship is established;
- when an occasional transaction ordered by the customer is carried out involving the transmission or movement of means of payment for an amount equal to or greater than €15,000, regardless of whether this is done in a single transaction or in several transactions;
- when there is a suspicion of money laundering or terrorist financing, regardless of any applicable exception, exemption or threshold;
- when doubts arise about the completeness, reliability or truthfulness of the information or documentation previously acquired (e.g. in the event of the non-delivery of correspondence to the address indicated or of inconsistencies between the documents submitted by the customer or otherwise acquired by Young).
- when appropriate in light of an increase in the level of risk of money laundering or terrorist financing associated with an existing customer.
In this context, it is necessary to:
- identify the customer and the executor (where applicable);
- identify the beneficial owner (where applicable);
- verify the identity of the customer, the executor and the beneficial owner (where applicable) on the basis of documents, data or information obtained from a reliable and independent source;
- with particular regard to the executor, acquire detailed information relating to his/her being granted authorisation with the power to represent the customer, by virtue of which he/she operates in the customer’s name and on the customer’s behalf, and relating to the executor’s relationship with the customer;
- acquire and evaluate information on the purpose and nature of the ongoing relationship and, if there is a high risk of money laundering and terrorist financing, of the occasional transaction;
- carry out continuous monitoring of the customer’s overall operations during the relationship in order to identify aspects that are inconsistent with the information previously acquired;
- update the data and information collected in relation to the application of due diligence measures.
The BoD authorises the Anti-Money Laundering Function to define the due diligence methods in more detail depending on the amounts being handled, with lower limits than those set out by the legislation if necessary.
With regard to the methods for implementing the ordinary due diligence measures, please refer to the Due Diligence Procedure.
9.1.8. Enhanced due diligence obligations
Enhanced due diligence measures consist of: acquiring more information on the customer and on the beneficial owner; a more thorough assessment of the nature and purpose of the relationship; more frequent checks and a more in-depth analysis as part of the continuous monitoring of the ongoing relationship.
Enhanced due diligence measures must be applied to ongoing relationships, customers and transactions where there is a high risk of money laundering or terrorist financing, identified by means of both specific sector regulations and each obliged entity’s own assessment.
Current legislation sets out that enhanced due diligence must always be applied in the following cases:
Subjects with a high risk profile;
- relationships and occasional transactions involving high-risk third countries in the case of customers and/or their beneficial owners that reside in high-risk third countries identified by the European Commission;
- ongoing relationships or occasional transactions with customers and their beneficial owners that hold the status of Politically Exposed Persons.
In addition, in order to effectively monitor and mitigate the risk of money laundering and terrorist financing, the following cases/types of customers are also assessed as high-risk categories to which the enhanced measures should therefore be applied:
- Customers and/or beneficial owners and/or executors affected by negative reputations and/or negative press reports (in any case connected and/or related to financial crimes or terrorist financing), such as the existence of relevant criminal proceedings (by way of example but not limited to: mafia associations, criminal associations, corruption, fraud, crimes against the public administration, proceedings for losses to the public purse, proceedings for administrative liability 231/01, sanctions for serious violations of anti-money laundering regulations);
- Customers subject to specific and detailed seizure and confiscation requests or proceedings by the Judicial and Control Authorities such as the Judiciary, the Guardia di Finanza or the FIU, or in any case connected and/or related to financial crime or terrorist financing;
- Prior suspicious transaction reports made to the FIU;
- Customers to which the ‘HIGH’ risk class has been assigned, either automatically or manually;
- Trust companies or relationships opened on behalf of trustees;
- Subjects directly or indirectly controlled by trusts, including in the case of the issuance of bearer shares;
- Subjects other than natural persons controlled, directly or indirectly, by companies with their registered offices in a tax haven or in a third country or territory considered high-risk as per the lists issued and updated periodically;
- Customers predominantly operating in economic activities related to sectors that are particularly exposed to the risk of corruption (by way of example but not limited to: public procurement, waste disposal, gold trade) identified by the Anti-Money Laundering Function.
Although not automatically included in the high-risk categories, enhanced due diligence measures must be applied to the following cases/types of customers or transactions:
- Discrepancy between the conclusions reached by the personnel responsible and the declarations made by the customer or executor regarding the identification of the beneficial owner.
Young must examine the context and the purpose of transactions that feature unusually high amounts or with respect to which there are doubts about the purpose for which they are actually predestined. In any case, Young must enhance the degree and nature of the checks to determine if the transactions are suspicious.
The BoD asks the Anti-Money Laundering Function and Young’s Operations team to define amount limits. These are initially theoretical but must subsequently be periodically guided by statistical surveys.
As regards the detailed requirements for the implementation of the enhanced due diligence measures, please refer to the Due Diligence Procedure.
9.1.9. Simplified due diligence measures
When there is a low risk of money laundering or terrorist financing, simplified due diligence measures can be applied with regard to the extent and frequency of the requirements.
The legislation sets out that belonging to one of the following categories constitutes a low risk factor for customers:
- companies listed on a regulated market and subject to disclosure obligations that include ensuring adequate transparency concerning beneficial ownership;
- public administrations, i.e. institutions or bodies that perform public functions, in accordance with the law of the European Union;
- banking and financial intermediaries listed in Article 3(2) of the Anti-Money Laundering Decree – with the exception of those referred to in letters i), o), s), v)*** – and banking and financial intermediaries based in the EU or in a third country with an effective anti-money laundering and terrorist financing regime.
i) brokers referred to in Article 201 of the TUF (Consolidated Finance Act);
o) insurance intermediaries referred to in Article 109(2), letters a), b) and d) of the CAP (Private Insurance Code), which operate in the areas of activity referred to in Article 2(1) of the CAP;
s) trust companies registered pursuant to Article 106 of the TUB (Consolidated Banking Act);
v) financial advisors referred to in Article 18-bis of the TUF and financial advisory companies referred to in Article 18-ter of the TUF.
The Anti-Money Laundering Function is also responsible for verifying if a potential customer has a money laundering and terrorist financing risk profile.
Simplified due diligence does not represent an exemption from the application of due diligence measures, but rather the possibility of adapting/graduating them to make them commensurate with the low risk identified in relation to:
- type of customer;
- products, services, operations, distribution channels;
- geographical areas.
The application of simplified due diligence measures is strictly forbidden when there is a suspicion of money laundering or terrorist financing (i.e. in the presence of high risk factors).
Young has decided never to use the simplified due diligence process.
9.2. Risk-based approach for allocating a risk profile
Customer due diligence measures are proportionate and commensurate with the actual degree of risk of money laundering and terrorist financing.
To this end, Young defines and adopts procedures and safeguards that allow each customer to be assigned a score representing the level of risk of money laundering and terrorist financing, based on the information collected and the transactions carried out. This also allows Young to establish the severity, the extent and the reassessment frequency for the due diligence requirements according to four risk bands.
Staff are responsible for verifying that the risk class suggested automatically by the IT systems is consistent with their knowledge of the customer, applying higher risk classes where appropriate.
Authorised personnel must only lower the risk level or controls in exceptional cases, and they must explain this decision in detail in writing.
In identifying the risk factors relating to a customer, the Anti-Money Laundering Function must also take into account the beneficial owner and, where relevant, the executor.
It must assess the scope of activity and characteristics of the customer, the beneficial owner and, where relevant, the executor, as well as the country or geographical area in which they have their headquarters, residence or domicile or from which the funds originate.
It also identifies the location of the activity carried out and the countries with which the customer or the beneficial owner and (where relevant) the executor have significant connections.
The importance of risk factors related to the country or geographical area varies according to the type of ongoing relationship or transaction.
The Anti-Money Laundering Function also takes into account the behaviour of the customer or the executor when opening an ongoing relationship or carrying out transactions.
In the case of a customer other than a natural person, the AMLF must consider the purpose of its establishment, the aims it pursues, the methods by which it operates to reach them, and the legal form adopted, especially if it features particularly complex or non-transparent elements.
The AMLF must strictly verify whether the customer and the beneficial owner are included on the ‘lists’ of persons and entities associated with terrorist financing activities adopted by the European Commission.
The Anti-Money Laundering Function must also use the anomaly indicators and communications on the prevention of terrorist financing published by the FIU as support tools.
With regard to the relationship or transaction, the structure of the product or service requested must be considered in terms of transparency and complexity and the channels through which it is distributed.
In assessing the risk associated with the complexity of the product, service or transaction, the potential involvement of multiple parties or countries must be taken into account.
The Anti-Money Laundering Function pays particular attention to any new or innovative products or services, particularly in the event that new technologies or new payment methods are used to offer these products or services.
It must also consider whether the product, service or transaction is normally associated with the use of cash and whether it allows for large transactions.
It must also evaluate the reasonableness of the ongoing relationship or transaction in relation to the activity carried out and the overall economic profile of the customer and the beneficial owner, taking into account all the available information (e.g. earning and asset capacity) and the nature and purpose of the relationship.
In this regard, comparative assessments can be carried out with the transactions of subjects bearing similarities in terms of profession, size, economic sector and geographical area.
The Anti-Money Laundering Function must obtain information to identify the risk profile of customers from all useful sources and documents: the ‘National Risk Analysis’; reports published by investigative and judicial authorities; documents from supervisory authorities (such as communications and sanctions) and the FIU, including (for example) indicators, anomaly frameworks and money laundering case studies.
The Anti-Money Laundering Function may also take into account information from statistical institutions and authoritative journalistic sources.
In the case of relationships or transactions involving a third country, the overall robustness of the anti-money laundering safeguards in place in that country must be assessed.
Customer risk profiles must be automatically updated on a monthly basis.
If there are circumstances that justify the attribution of a higher risk profile, the extent of due diligence measures must be adjusted to the higher risk level assigned, updating the information and documentation collected if necessary.
To update the data and information acquired, the AMLF must use the automatic procedures available for reporting the expiry of documents, certifications, powers of representation and proxy relationships, as well as for reporting the acquisition of specific characteristics (e.g. becoming a PEP).
With regard to the methods for the profiling of customers as well as the frequency of due diligence updates, please refer to the Due Diligence Procedure.
9.3. Obligations to refuse to establish and to interrupt ongoing relationships
If it is impossible to comply with customer due diligence obligations, staff are required to refrain, if possible, from establishing an ongoing relationship/carrying out the transaction.
Pursuant to the applicable provisions, it is also specified that staff are required to refrain from establishing ongoing relationships, carrying out transactions and terminating ongoing relationships involving (directly or indirectly) trusts, trust companies, anonymous limited companies or those controlled through bearer shares based in high-risk third countries.
The aforementioned measures also apply to persons other than natural persons if access to information concerning the beneficial owner is not granted and it is therefore not possible to verify the beneficial owner’s identity and fulfil the due diligence obligations.
In the cases referred to above, staff shall assess whether or not to report a suspicious transaction.
Young must not enter into new relationships or carry out occasional transactions with parties that are not already customers and that belong to the customer categories listed in the section ‘Customer acceptance policy’.
With regard to any relationships already in place with customers belonging to these categories, specific and enhanced due diligence measures and continuous monitoring must be applied after obtaining authorisation from a senior manager.
9.4. Continuous monitoring during the relationship
In accordance with the Anti-Money Laundering Decree, staff are required to carry out continuous monitoring of the customer’s operations ‘… by examining the overall activity of the customer, verifying and updating the data and information acquired, also with regard – if necessary in accordance with the risk – to verifying the origin of the funds and resources available to the customer, based on the information acquired or possessed by virtue of carrying out the activity’.
This monitoring is carried out by updating the data relating to customer due diligence according to a risk-based approach, namely by adjusting the severity and frequency of checks according to the customer’s risk profile.
The maximum time frames for updating the customer due diligence of the related forms are set out by the Anti-Money Laundering Function in the Due Diligence Procedure.
As regards the monitoring of the customer’s overall operations, Young uses IT and electronic tools that, based on specific known anomaly indicators, detect transactions featuring inconsistent elements that identify the transaction as an anomaly; these must be evaluated by the staff responsible.
If the result of this evaluation is negative, staff must initiate the reporting process using the method indicated in the Suspicious Transaction Reporting Procedure described in the Anti-Money Laundering Manual.
The Anti-Money Laundering Function must define a shared catalogue of anomaly indicators, which can also be verified through extra-procedural checks on specific IT applications, going beyond those currently used in the dedicated procedures and also in line with the measures and communications issued periodically by the FIU. It must also establish first- and second-level safeguards aimed at ensuring that the transactions detected are subject to timely and in-depth investigation and analysis.
9.5. Suspicious transaction reporting
The relevant legislation dictates that staff must send a suspicious transaction report whenever there are reasonable grounds for suspecting that money laundering or terrorist financing operations are underway or have been completed or attempted, or in any case where funds are thought to have originated from criminal activity. In particular, the suspicion is based on ‘… the characteristics, size and nature of the transactions, their connection or parcelling, or any other known circumstance, on account of the actions carried out, also taking into account the economic capacity and the activity carried out by the related subject’.
In this regard, the Anti-Money Laundering Function must regulate, by means of a specific manual (Suspicious Transaction Reporting Procedure), the stages of the suspicious transaction reporting process in order to ensure that all Young staff adopt a shared approach with regard to assessing potential anomalies and suspicious elements.
The defined procedure must ensure that:
- Staff promptly notify the STR Officer of potentially suspicious activities;
- The report is submitted to the Authorities responsible (FIU) without delay if the STR Officer considers the report received to be well-founded in light of all the elements and evidence that can be deduced from the data and information stored;
- There is active collaboration with the Supervisory Authorities in the form of prompt responses to any requests for information and/or further details regarding the transactions and subjects reported.
Firstly, the identification of suspicious transactions takes place on the basis of a careful and timely analysis of the characteristics, size and nature of the transactions, their connection or parcelling, or any other known circumstance, on account of the actions carried out, also taking into account the economic capacity and the activity carried out by the related subject, based on evidence acquired as part of customer due diligence and continuous updating.
In addition to legislative provisions, in analysing anomalous and potentially suspicious transactions, the Anti-Money Laundering Function refers to the anomaly indicators established in the ‘Provision concerning anomaly indicators’ issued by the Bank of Italy on 24 August 2010, as well as the models and frameworks of anomalous behaviour periodically issued by the FIU. The Provision mentioned above outlines the anomaly indicators attributable to the following cases:
- Anomaly indicators related to the customer;
- Anomaly indicators related to transactions or relationships;
- Anomaly indicators related to payment instruments and methods;
- Anomaly indicators related to transactions with financial instruments and insurance contracts;
- Anomaly indicators related to terrorist financing.
Based on industry regulations, the Anti-Money Laundering Function must define the following principles as the basis of its reporting obligations:
- If there are suspicious elements, staff refrain from carrying out the transaction (if possible) until they have completed the report to the FIU;
- Staff are required to report transactions regardless of their amount;
- Staff report suspicious transactions that are rejected, not concluded, or attempted, including transactions whose equivalent value is settled in whole or in part with other intermediaries;
- The analysis of customer transactions is carried out by staff, taking into account the entire duration of the relationship, including any activities coinciding with or subsequent to the expiry/termination of the relationship.
In conjunction with the STR Officer, the Anti-Money Laundering Function carries out checks on the functionality of the reporting process and on the adequacy of the first-level customer transaction assessments made.
If the outcome of the analysis confirms the presence of suspicious elements, the STR Officer officially sends the suspicious transaction report to the FIU, supplying the data, the information, a description of the transactions and the reasons for the suspicion.
Without prejudice to the above, in regards to managing suspicious transactions and the details of the anomaly indicators, please refer to the issued procedure and to the current operating manuals for anti-money laundering applications.
9.5.1. Reporter protection obligations
In compliance with the applicable regulations, suspicious transaction reports must not contain the name of the reporter in order to ensure that the identity of the person(s) making the report remains confidential. The STR Officer must ensure the safekeeping of documents and evidence relating to the transactions being analysed in which the personal information of the reporter is provided, and must avoid transmitting this information to third parties except for in the cases set out by legislation.
The name of the reporter can be provided only upon request from the judicial authority, with a justified order, when it is deemed essential for the purpose of ascertaining the crimes for which the proceeding was initiated.
9.5.2. Confidentiality regarding suspicious transaction reports
Pursuant to legislation, it is strictly forbidden for the reporting entities or anyone who is aware of suspicious transactions to provide information to the customer concerned or to third parties regarding the report made to the FIU.
The Anti-Money Laundering Function must take all the necessary measures to guarantee the confidentiality of the identity of the persons taking part in the transaction reporting process.
These criteria apply to customers, even in the case of the common refusal to carry out a transaction or, for example, when requesting additional information on the transaction (as in cases where a transaction involves one or more obliged entities). No indication may be provided regarding the resource or structure from which the restriction or request originates, unless expressly authorised by the latter.
Young must fully apply Article 39(5) of Legislative Decree no. 231/07, which does not prevent, in cases relating to the same customer or the same transaction involving two or more intermediaries (banking and/or financial or otherwise), the sharing, for the purposes of preventing money laundering or terrorist financing, of information concerning the names subject to reporting to the FIU, without prejudice to full compliance with the provisions of Articles 42, 43 and 44 of the Code on the Protection of Personal Data.
9.6. Data storage obligations
In compliance with the applicable regulations, Young is required to record and store any useful documents, data and information in order to prevent the proliferation of illegal and criminal activities and to allow the sector’s Supervisory Authorities to carry out analysis if necessary.
In this regard, the Anti-Money Laundering Function must ensure that the data acquired during customer due diligence, the original records and records of transactions carried out by the customer must be kept for at least 10 years after the termination of the ongoing relationship or the execution of the occasional transaction. The Anti-Money Laundering Function therefore undertakes to guarantee the following data as evidence by retaining the documents mentioned above:
- Date on which the ongoing relationship was established;
- Data identifying the customer, the beneficial owner and the executor as well as information relating to the purpose and nature of the ongoing relationship;
- Date, amount and purpose of the transaction;
- Means of payment used.
The Anti-Money Laundering Function verifies that the IT system can be relied upon to correctly fulfil the storage and recording obligations, defining uniform requirements.
With regard to data storage methods, the Anti-Money Laundering Function undertakes to verify that the data is fully and promptly available for inspections or upon request from the Authorities, as well as to acquire at least the data required by the Anti-Money Laundering Decree within thirty days of establishing, changing or terminating an ongoing relationship or carrying out a transaction.
Following the issuance of the Storage Provisions, Young has decided to make the information available to the Bank of Italy and the FIU by means of specific extractions from computerised storage systems, carried out in accordance with the technical standards indicated in Annex no. 1 of said Provisions.
Young has decided, in accordance with Article 8 of the aforementioned Provisions, not to apply the rules on the provision of data and information referred to in Articles 5 and 6 for the following subjects:
- banking and financial intermediaries as referred to in Article 3(2) of the Anti-Money Laundering Decree, excluding those referred to in letters i), o), s) and v), based in Italy or in another Member State;
- banking and financial intermediaries based in a third country with a low risk of money laundering and terrorist financing, in accordance with the criteria set out in Annex 1 of the customer due diligence provisions;
- subjects referred to in Article 3(8) of the Anti-Money Laundering Decree;
- the State Treasury or the Bank of Italy.
The Storage Procedure must incorporate the data recording and storage provisions set out in this section and activate the appropriate control measures.
9.7. Aggregate Anti-Money Laundering Reports (SARAs) and objective communications
Young is not obliged to send Aggregate Anti-Money Laundering Reports (known as SARAs) and objective communications to the FIU.
9.8. Internal Violation Reporting System
The applicable legislation requires the adoption of internal reporting procedures (known as whistleblowing) for any violations of the provisions aimed at preventing money laundering and terrorist financing.
In compliance with legal provisions, the Anti-Money Laundering Function adopts specific procedures to help employees and collaborators within the company to report any potential or actual violations of the anti-money laundering and terrorist financing regulations, ensuring that:
- the identities of both the whistleblower and the alleged perpetrator of the violations remain confidential, without prejudice to the rules that govern the investigations and proceedings initiated by the judicial authority in relation to the events reported;
- the individual who made the report is protected against retaliation, discrimination or otherwise unfair conduct following the report;
- a specific reporting channel is provided that is anonymous, independent, and proportionate to the nature and size of the obliged entity.
For more details on general principles, roles, responsibilities and process guidelines regarding Internal Violation Reporting Systems, please refer to the Detailed Procedure.
Counter-terrorist financing measures
The internal control system defined by the Anti-Money Laundering Function must include safeguards aimed at preventing the use of the financial system for the financing of terrorism, in compliance with the resolutions issued by the United Nations Security Council pursuant to Chapter VII of the United Nations Charter. The objective of the legislative provisions is to freeze funds and economic resources held directly or through an intermediary by persons, groups and/or entities subject to restrictions in compliance with the criteria and procedures defined by the resolutions of the United Nations Security Council or by a dedicated committee.
The national regulatory framework, in this case, is Decree 109/2007 and the Anti-Money Laundering Decree, which confirms the validity of the previous provisions.
In order to identify any natural person, legal person or entity subject to restrictive sanctions, Young must define internal procedures in order to verify that customers (whether occasional and/or already acquired) belong to the anti-terrorism lists by means of the IT outsourcer Nordest Technology, such as:
- UN or Al-Qaeda list relating to individuals involved in acts of international terrorism and subject to restrictive sanctions on the recommendation of the Security Council;
- Consolidated list of persons, groups and/or entities subject to asset-freezing measures in the European Union;
- OFAC list, which lists individuals reported by the US authorities due to their involvement in activities aimed at undermining security and peace, both with reference to the United States and foreign countries.
If the aforementioned check shows that the individuals and/or entities are on anti-terrorism lists, Young must undertake to:
- Freeze the funds of any natural and legal persons identified as being on the aforementioned lists. These funds cannot therefore be transferred or managed; if they are, such acts will not be considered valid;
- Put in place timely flows of information to the Anti-Money Laundering Function;
- Carry out any further investigation that may be necessary;
- Evaluate whether the transactions carried out are suspicious and, if necessary, report them to the FIU.
In compliance with Article 7 ‘Communication obligations’ of Decree 109, Young is also obliged to:
- Notify the FIU of the freezing measures applied to the designated persons, indicating the names, the amount and the nature of the funds or economic resources. This information must be provided within 30 days of the date on which the EU regulations or UN resolutions enter into force, or of the date on which the funds or economic resources are frozen (if later);
- Report to the competent Authorities the freezing measures or existing relationships with customers included on the lists published by those Authorities, as well as transactions linked to the financing of terrorism;
- With regard to economic resources, inform the Special Unit of the Currency Police of the Guardia di Finanza.
The procedure to follow in these cases is defined in detail by the Anti-Money Laundering Function in the Due Diligence Procedure.
Self-assessment process for money laundering and terrorist financing risks
International and EU legislation has established the requirement for obliged entities to periodically carry out a self-assessment of money laundering and terrorist financing risks. The key principle of this obligation lies in the adoption of an approach to risk that reflects the obliged entity’s real exposure to the risk and the fine-tuning of safeguards with respect to changing market conditions. The Italian legislature has regulated this obligation pursuant to Article 15 of the Anti-Money Laundering Decree, and the Bank of Italy has further detailed it in Part VII of the Organisation provision.
In compliance with the applicable legislation, the risk self-assessment process at Young is divided into the following three macro-phases:
- Identification of inherent risk: assessment of the current and potential risks of money laundering and terrorist financing to which Young is exposed;
- Vulnerability analysis: analysis of the adequacy and effectiveness of the apparatus and measures adopted by Young to prevent and counter the risks previously highlighted, with the aim of identifying any vulnerabilities;
- Determination of residual risk: identification of the residual risk to which Young is exposed and the corresponding mitigation actions proposed downstream of the exercise, including in relation to the vulnerabilities detected.
This exercise is coordinated by the Anti-Money Laundering Function, which is responsible for the following actions:
- Defining the methodological guidelines on risk self-assessment;
- Overseeing and consolidating the results;
- Assessing the residual risk within the scope of the report to be submitted to the Authorities.
The results of the self-assessment operation must be included in the annual report produced by the Anti-Money Laundering Function.
Upon completion of the above, the Anti-Money Laundering Function will consider, in defining its internal methodology for the purposes of self-assessment, the Bank of Italy’s Provisions on the matter.
The results of the self-assessment expressed in the annual report, as well as the annual opinions expressed to the BoD by the Anti-Money Laundering Function, are taken into account by the BoD, the CEO and the BSA in order to update this Policy if necessary.
Young promotes and organises specific training programmes aimed at making all employees, collaborators and Corporate Bodies aware of their roles and responsibilities deriving from the obligations set out in the legislation on anti-money laundering and counter-terrorist financing, as well as the corresponding behaviours, procedures and tools that must be adopted in order to comply with these regulations.
The training programmes take into account developments in the relevant regulatory context and are divided according to role and function, with a particular focus on personnel belonging to the Anti-Money Laundering Function and employees/collaborators who carry out activities considered susceptible to the risks of money laundering and terrorist financing.
In this regard, the training programmes have been prepared with a particular focus on the subject of customer due diligence as well as recognising and evaluating any transactions related to money laundering or terrorist financing.
To this end, Young must promote:
- training activities regarding the procedures for carrying out appropriate controls, with particular reference to enhanced controls, as well as the sharing of case studies with the aim of establishing uniform criteria for the identification and assessment of suspicious transactions;
- specific awareness-raising initiatives in relation to highly critical areas in order to guarantee a uniform approach.
Anti-money laundering training programmes must be drawn up by the Anti-Money Laundering Function.
13.1. Information flows to Corporate Bodies
Given the responsibilities of the BoD, the CEO and the BSA of Young with reference to managing the risk of money laundering and terrorist financing, these bodies must be periodically informed by the Anti-Money Laundering Function regarding the risk control level.
The main reporting flows are summarised below:
Flow Anti-money laundering activity plan
Type Schedule of activities to be carried out
Recipient CdA, AD, CS
Flow Final report
Tipologia Activities carried out Results of control activities Weaknesses identified Management/mitigation activities Training activities Progress report on the adaptation initiatives defined in the self-assessment exercise
Recipient CdA, AD, CS
Flow Prompt reporting of serious violations or shortcomings
Type Violations or shortcomings considered significant in terms of severity
Recipient CdA, AD, CS
Frequency Per event
For details of the information flows to other Control Functions, please refer to the Anti-Money Laundering Manual.
- Freezing of funds: Preventing, by virtue of EU regulations or national legislation, any move, transfer, alteration, use of, access to, or dealing with funds in any way that would result in any change in their volume, amount, location, ownership, possession, character, destination or other change that would enable the funds to be used, including portfolio management.
- Identification data: The name and surname, place and date of birth, registered residence and domicile (where different from the registered residence), ID document details and, when assigned, the tax code, or, in the case of subjects other than a natural person, the name, the registered office and, when assigned, the tax code.
- Cash: Banknotes and coins, in Euro or foreign currencies, holding legal tender status.
- Anti-Money Laundering Function (AMLF): The Corporate Function responsible for continuously verifying that the company’s procedures are consistent with the objective of preventing and combating any violation of external regulations (laws and regulatory norms) and internal regulations regarding money laundering and terrorist financing.
- Corporate Control Functions: The Corporate Functions responsible for second-level controls (Compliance, Risk Management, Anti-Money Laundering) and third-level controls (Internal Audit).
- Control Functions: The set of functions responsible for controls as laid out by legislation, regulations, statute or self-regulation.
- FATF: Financial Action Task Force.
- Payment methods: Cash, bank and postal cheques, cashier’s cheques and any other similar or comparable cheques such as money orders, postal orders, credit or payment orders, credit cards and other payment cards, transferable insurance policies, pledges and any other instrument that allows for the transfer, movement or acquisition (including electronically) of funds, assets or financial resources. This definition is given in Article 1(2)(i) of the Anti-Money Laundering Decree.
- Split transaction: A single transaction in terms of economic value, of an amount equal to or greater than the limits established by current regulations, implemented through several transactions, each lower than the aforementioned limits, carried out at different times and in a limited period of time fixed at seven days, without prejudice otherwise to the existence of a split transaction when there is evidence to consider it as such.
- Occasional transaction: A transaction not attributable to an ongoing relationship.
- Transaction: An activity consisting of the movement, transfer or transmission of payment methods or of transactional acts concerning assets; the stipulation of a transactional act concerning assets, as part of professional or commercial activities, also constitutes a transaction.
- Corporate Bodies: BoD, CEO and Board of Statutory Auditors.
- High-risk third countries: Non-EU countries whose jurisdictions have strategic deficiencies in their national anti-money laundering and counter-terrorist financing regimes, as identified by the European Commission in exercising the powers referred to in Articles 9 and 64 of the Directive.
- Politically Exposed Persons (PEPs): Individuals who occupy or have occupied important public offices within the past year, as well as members of their family and those who have well-known close ties with the aforementioned individuals, as listed below:
- Individuals defined as those who occupy or have occupied important public offices are those who hold or have held the office of:
- President of the Republic, President of the Council, Minister, Vice-Minister and Undersecretary, President of the Region, regional executive councillor (‘assessore’), Mayor of a provincial capital or metropolitan city, Mayor of a municipality with a population of at least 15,000 inhabitants, and similar offices in foreign countries;
- Member of the Chamber of Deputies, Senator, Member of the European Parliament, regional councillor (‘consigliere’) and similar offices in foreign countries;
- Member of the governing bodies of political parties;
- Judge of the Constitutional Court, magistrate of the Supreme Court or of the Court of Auditors, member of the Council of State and other members of the Administrative Justice Council for the Sicily Region as well as similar offices in foreign countries;
- Member of the governing bodies of central banks and independent authorities;
- Ambassador, chargé d’affaires or equivalent positions in foreign countries, high-ranking officer in the armed forces or similar offices in foreign countries;
- Member of the administrative, management or control bodies of companies controlled, including indirectly, by the Italian state or by a foreign state or owned, predominantly or totally, by the Regions, provincial capitals and metropolitan cities, or municipalities with a total population of at least 15,000 inhabitants;
- Director of a Local Health Authority, hospital, university hospital or other national health service organisation;
- Director, deputy director and member of the board or any person carrying out equivalent functions in international organisations;
- Family members of Politically Exposed Persons are: the parents, the spouse or the person linked in civil union, de facto cohabitation or similar institutions to the politically exposed person, children and their spouses as well as the persons linked to the children in civil union, de facto cohabitation or similar institutions;
- Subjects with whom Politically Exposed Persons have well-known close ties are:
- Individuals linked to the politically exposed person due to the effective joint ownership of legal entities or other close business relationships;
- Individuals who formally hold total control of an entity known to be constituted in the interest and to the benefit of a politically exposed person.
- Ongoing relationship: Relationships that meet the following criteria fall within the definition of an ongoing relationship: i) the existence of an ad hoc contract agreement with the customer, i.e. one not connected to an ancillary service; ii) the temporary nature of the relationship; iii) the right to move or transfer means of payment; iv) the ability for the customer to carry out multiple transactions within the same relationship.
- Suspicious Transaction Reporting Officer (or STR Officer): The person responsible for assessing the suspicious transaction reports received and passing on the reports deemed justified to the Financial Information Unit (FIU).
- Risk of money laundering and terrorist financing: Refer to the definitions found in this Policy.
- Transfer of funds: A transaction carried out at least partially by electronic means on behalf of a sender by a payment service provider, for the purpose of making the funds available to the recipient through a payment service provider, regardless of whether the sender and the recipient are the same subject and whether the sender and the receiver have the same payment service provider, including: a) credit transfer, as defined in Article 2(1) of Regulation (EU) No. 260/2012; b) direct debit, as defined in Article 2(2) of Regulation (EU) No. 260/2012; c) national or cross-border money remittance, as defined in Article 4(13) of Directive 2007/64/EC; d) a transfer made using a payment card, an electronic money instrument or a telephone.
- FIU: Financial Intelligence Unit for Italy.
Wallet: A secure digital wallet used to store, send and receive digital currency.