DCX EXCHANGE PLATFORM

COMPLIANCE INFORMATION | FRAMEWORK

1) INTRODUCTION 

Malaysia is a highly open, upper-middle income economy with exposure to a range of money laundering threats.  The country’s porous land and sea borders, visa-free entry policy for nationals from over 160 countries, strategic geographic position, and well-developed financial system increase its vulnerability to domestic and transnational criminal activity, including fraud, corruption, drug trafficking, wildlife trafficking, smuggling, tax crimes, terrorism.
  
 Malaysia has largely up-to-date AML legislation, well-developed policies, institutional frameworks, and implementation mechanisms.  The country has shown continuing progress in efforts to improve AML enforcement by increasing money laundering investigations, prosecutions, and convictions.  One key area for development is the prosecution of foreign sourced crimes.  

Primary law governing ML/ FT in Malaysia is the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA). Pursuant to AMLA, the main financial services authorities in Malaysia are Bank Negara Malaysia (BNM) and Labuan Financial Services Authority (LFSA). 

The Authorities in Malaysia bound to comply with all AML.CFT regulation and guidelines to manage all the risk from preventing themselves being used as vehicle on the illegal activities by imposing various AML/CFT regulations and guidelines to all the financial institution.

Under Section 4 of the AMLA, any person who commits a money laundering offence and shall on conviction be liable to imprisonment for a term not exceeding 15 years and shall also be liable to a fine of not less than 5 times the sum or value of the proceeds of an unlawful activity or instrumentalities of an offence at the time the offence was committed or five million ringgit, whichever is the higher.

2) PRINCIPLE FROM DCX

2.1 DCX has drafted our Anti-Money Laundering and Counter Financing Terrorism Manual (AML Manual) according to the AMT/ CFT guidelines issued by BNM and LFSA for providing proper safeguard on all our members of DCX Capital. Besides that, this manual would also assist our member understands and complies with the requirements and obligation under the Malaysia Law.

2.2 DCX is responsible to prevent all AML/ CFT activities by establish “Know your Client” (KYC), Customer Due Diligence (CDD) and also Risk-based Approach (RBA) knowledge in the client identification and verification process.

2.3 Overall, DCX should improve self-awareness on the AML/CFT laws and regulation to our members as to understand the consequences of non-compliance also this will create an harmony and good trading environment.

3) DEFINITIONS AND INTERPRETATIONS 

3.1 “Account” means the account registered by Users for our Trading Platform; 

3.2 “App” means our mobile application(s) in providing relevant Services to our Users; 

3.3 “Authorised Third Parties” has the same meaning as described in our Privacy Policy; 

3.4 “Client” or “Clients” means individual(s) who has/have registered, subscribed, ordered and/or purchased any of our Services; 

3.5 “Trading Platform” means and includes our Website, App, and any other medium (be it electronic or non- electronic) as we may think relevant to be considered as our business platform. 

3.6 “Privacy Notice” means our notices in both Bahasa Malaysia and English pursuant to section 7 of the Personal Data Protection Act 2010, and shall be read together with these Terms. For the purpose of these Terms, Privacy Notice shall also include our Privacy Policy; 

3.7 “Services” means our solution services, products, and/or features offered and provided by us through our Trading Platform, and to some extent, services, products and provided by our Authorized Third Parties service providers and operators; 

3.8 “DCX” or “we” or “us” or “our” means DCX Capital Ltd, its subsidiary(ies), and/or its authorised agent(s), and to certain extent as may be determined by us, may also include its Authorised Third Parties; 

3.9 “User” or “Users” means the person(s) who register(s), access(es), visit(s) and/or use(s) our Trading Platform, and shall include our Clients; and 

3.10 “Website” includes DCxchange.com browse via a computer or any device, any subdomains of DCxchange.com, and its mobile site (browse through a mobile device); 

4)METHOD OF RISK ASSESSMENT

4.1 RISK BASED APPROACH

A risk based approach is a process that allows you to identify potential high risks of money laundering and terrorist financing and develop strategies to mitigate them. Existing obligations, such as your client identification, will be maintained as a minimum baseline requirement.

According to the principles of a risk-based approach, the same Know Your Customer (KYC) procedures should not be applied to a customer with high risk and a customer with a normal risk level

4.2 Key Features

a) Profile Management

i) Customer details

ii) Customer occupation

iii)Customer nationality

iv)PEP identity

b) Geographical Evaluation

i)Customer origin

ii)Customer business place

c) Product and Service Evaluation

i) Type of products and services

ii)Online to Offline (O2O) method

iii)Face to Face relationship

iv) Non Face to Face relationship

4.3 Risk Assessment

DCX shall perform the following on each customer for our risk assessment:-

1. Evaluate customer profile and consider all the risk identified.

2. Review and determine the level of overall risk (low, medium, high) based on the risk measurement.

3. Appropriate risk mitigation method on case by case basis on the risk level.

4. Approach on-going monitor for the high level risk customer database

4.4 Risk Mitigation

DCX shall apply appropriate mitigation approach to manage the risk by conducting enhanced due diligence (EDD) on our customer if any.

5)KNOW YOUR CUSTOMER (KYC)

5.1 Customer Due Diligence

Know Your Customer and Customer Due Diligence procedures are performed to know who the customers really are and to verify their work and identity. These procedures are the most fundamental building blocks of effective AML compliance management.

Within the scope of these procedures, risks can be determined in the first relationship with the customer and afterward, and necessary actions are taken according to these risks. Accurately assessing the risk level of customers' money laundering is an important prerequisite for a "risk-based" approach. Analyzing risks may be incomplete if accurate customer due diligence has not been done.

5.2 Verification and Identification on Customer

DCX shall perform the following to understand our customer to ensure all documents is proper validated and checking accuracy.

1. Establishment of a business relationship

2. Changes in customer profile of CDD

3. Doubt and suspicion on any of the transaction

4. Case by case basis randomly audit by Compliance Officer

5.3Requirements on Know Your Customer (KYC)

a) Personal

1. Full name

2. Date of birth

3. Residential address

4. Nationality

5. Passport

6. Photograph which match with identification document

b) Legal Entity

1. Customer information sheet

2. Certificate of Incorporation copy

3. Registered office address

4. Director/ Board resolution if necessary

5. List of the senior management

5.4Risk Assessment

a) DCX reserve the right to request further documents as to ensure that it is fully satisfied with the right ownership and control structure of beneficial owners as below:-

1. Identity of the every director

2. Identity of the shareholder and partnership with equity interest

3. Confirmation of the ultimate beneficial owner if any

4. Documents that proof of authority of a nominee or representative such as director resolution or letter of authorisation.

5. Any other information may be required by Compliance Officer from time to time

b)DCX may obtain the identity of senior management where there is an absence or any impractical of identify on beneficial owner.

c)DCX shall take the steps below on any suspicion or doubt in the process of identification and verification on the documentation:-

1. Basic search on the background of the individual or legal entity to ensure it is not in the process of dissolution or liquidation or bankruptcy

2. Lodge verification enquiries on the authenticity of the information provided with relevant authorities

5.5Simplified Due Diligence (SDD)

a) DCX is allowed to perform simplified due diligence (SDD) on our lower risk customer such as those pursuant to the standards and guideline issued by the local relevant authorities.

b) SDD may be applied to the entities below:-

1. Public Listed Companies

2. Government-linked Companies

3. Financial Institutions under prescribed rules and regulation bodies such as (LFSA, BNM, MAS and etc)

4. Legal Entity registered and licensed under Capital Market and Services Act 2007

c) In the event of higher risk identification or existence of suspicion or doubt circumstances, SDD shall not apply on these customer and shall be fall under risk mitigation on EDD. DCX need to ensure all relevant information is accurate before making any decision on the said application.

5.6Enhanced Due Diligence (EDD)

a)DCX shall apply enhanced due diligence (EDD) in the event of higher risk client profile identified. Further enquiries shall be taken place in order to indemnify the accurate information.

b)EDD process would include the following:-

1. Requesting additional information from the customer pertaining to their source of income/ wealth and etc

2. Interview with customer for the reason on the certain transactions

3. Perform regular update on the CDD for the designated customer

4. Perform on-going monitoring on the business relationship regularly for a specific time to ensure nothing suspicious event detected.

5. Obtaining letter approval from the senior management on the continuation of business relationship

5.7Third Party Customer Due Diligence (CDD)

a)DCX reserve the right to rely on a third party customer due diligence subjected to third party’s information is identified by the government which having AML/ CFT deficiencies.

b)DCX is aiming minimize the ML/ FT risk by establishing proper policies and procedures to review the reliance on third parties information especially from a foreign jurisdiction.

c)DCX shall maintain good relationship with third parties which governed by a proper manner in term of helping each other to reduce the ML/ FT risk as below:-

1. Proper record keeping

2. Integrity and reputation

3. Accuracy on information

4. Establishment of CDD process and procedure

5. Supervised by AML/ CFT framework

6. Sharing on the relevant information upon request

7. Common understanding on the ML/ FT risk

5.8Customer Relationship

1. Existing Customer

DCX is required to perform basic CDD on all the information and ensure all information is always relevant and up to date. DCX reserve the right to assess the information for further risk assessment as below:-

1. Nature on the transaction

2. Inadequate or change on our customer CDD

3. Any significance change in the transaction

2. Non Face To Face Customer relationship

DCX shall extra cautious on such business relationship with non face to face customer through internet this day which due to exposure of higher risk on ML/ FT. As such, DCX should conduct more detail CDD by providing more adequate monitoring and procedure while accepting the application to mitigate any potential ML/ FT risks.

5.9Politically Exposed Persons (PEPS)

a)A politically exposed person (PEP) is defined by the Financial Action Task Force (FATF)as an individual who is or has been entrusted with a prominent public function.

2. PEPS defined in to domestic PEP and foreign PEP

1. Domestic PEP

2. Foreign PEP

2. DCX shall conduct the CDD with extra careful as PEP may be influential and dominant enough to attract bribes and corruption by using their special position.

2. PEP is including their family members examples, spouse, parents, relative in-law, siblings, children also any close associates such as business partners.

2. DCX required to exercise EDD on such customer especially our customer identified to as PEP as to reduce the ML/ FT risk.

2. Appropriates measure work need to be taken to mitigate the risk by establishing a proper policies and procedure with our customer.

2. Furthermore, DCX may conduct the following during EDD:-

i)Enhanced external audit work carried out by reducing the ML/ FT risk on PEP

ii)Perform random checking on the transaction from time to time

3. Set up trading limit on the transaction for PEP if necessary

2. Addition to EDD, DCX shall conduct on-going monitoring on PEP which higher risk level. The process shall be included as below:-

i)Customer CDD information is always up to date as putting it on reminder list

ii)Screening process must be more cautious and more detail as digital assets classified as high risk transaction as it is easy to be compromised, fraud, identity theft, ransom, and any other crime.

iii)Ensure the source of fund is validated, legal to use with permitted to transact in the market.

2. DCX shall evaluate the on going monitoring approach based on case by case basis especially on the PEP which consist of high level risk on the transaction. Normally, on going monitoring approach would not apply on lower risk level customer.

2. DCX shall conduct risk assessment before any adoption on new products, services and practices then publish in the market.

2. DCX shall assess and identify any potential ML/ FT risks on any new products, services and practice offer in the market by adopting appropriate measure to mitigate the risk.

5.10Management Information System (MIS)

a)Establishment on management information system is a mandatory for DCX as to minimise the ML/ FT risk by better detection on the potential ML/ FT risk. It could provide us a great support with accurate and timely information.

b)DCX is concerning the MIS commensurate with our database as to ensure all the information is accurate as below:-

i)Risk profile management

ii)Large transactions

4. Unusual or duplicate transactions

5. Exceeding transaction on a particular threshold

6. Simplify the complexity of transactions

7. Organisation on the customer profile

8. Monitoring on the high risk level customer

5.11AML Transaction Monitoring

The customer's money laundering risk rating should be applied appropriately. Within the scope of these applications, monitoring or restricting real-time transactions takes an important place. With regard to certain types of customers, organizations must combine their risk characterizations to increase monitoring or restriction measures in their business operating systems. Considering that large organizations mediate thousands of transactions per day, performing these controls manually in today's technology is a huge waste of time and inefficient. For this reason, DCX prefer to use the AML Transaction tools. In line with the risk-based approach within the scope of Transaction Monitoring and AML compatibility, customer transactions are monitored instantly, and the system can give a warning in case of doubt.

5.12Non-Compliance

DCX will not tolerance on any non-compliance event and shall act according under AMLA which leads to an enforcement action from local authorities.

1. Suspicious Transaction Report (STR)

In the event of DCX found any non-compliance case, DCX will establish internal red flag list on the suspicious transaction and submit to the local authorities, BNM and LFSA.

Suspicious transaction would be consist of below:-

1. Illegal

2. Unusual

3. Doubt in the transaction

4. Fund from unlawful activities

5. Fund from customer who involved in ML/FT

Documents which will be submitted along together with STR to local authorities as below:-

1. Nature of the transaction

2. All customer CDD information and document

3. Business relationship between customer on the transaction

4. Any other information requested by the local authorities

2. Internal Reporting

Staff on duty shall submit internal suspicious transaction report to Compliance Officer at head office immediately if discover any suspicious transaction. Compliance Officer will evaluate carefully within reasonable time with all relevant information and documents. The evaluation process shall be properly documented as evidence for supporting document before render the STR to the local authorities.

3. External Reporting

1. Compliance Officer is having absolute right to determine an external reporting which is the STR to the local authorities if concluded it is suspicious transaction. STR shall be submitted within the next working day, from the day Compliance Officer made the final review.

2. No STR required if the Compliance Officer determined it is not suspicious transaction after the risk assessment. Finding on the assessment shall be documented for future reference.

3. STR shall submit to the following parties:-

BANK NEGARA MALAYSIA FINANCIAL

INTELLIGENT & ENFORCEMENT DEPARTMENT

LABUAN FINANCIAL SERVICES AUTHORITY

SUPERVISION & ENFORCEMENT DEPARTMENT

4. Tipping Off

1. Wherever any suspicious detected, DCX isprohibited by law from disclosing (“tipping-off”) the fact that a suspicious transaction report or related information to the suspect.

2. Tipping off a money launderer can include:

• changing the way the company handles the account

• informing other people not related to the investigation of the suspicions

• directly alerting them of a suspicion
   

5.12 Proper Record

According to AMLA act, all the relevant records which including accounting documents, files, customer database, transaction records is required to keep for a period of not less than six (6) years following the date of completion of the transaction or the date of termination of the business relationship. All documents must updated as to date.

6 COMPANY MANAGEMENT

6.1 Employee Screening

Employee screening can be defined as a process in a prospective employee is investigated to verify qualifications. DCX is committed for selection of our employee. All our employee from DCX shall carry out professionalism, integrity and good ethic.

DCX shall review all our employee personal information such as financial standing, past employment history, family background and criminal record during interview.

6.2Board of Directors

Role of model for all the directors as below:-

1. Well awareness on their responsible in managing ML/ FT risks

2. Fully understand the AML legal framework as well as the industry’s practice standard

3. Provision of implementation safeguard on the ML/ FT risk

4. Accountable and responsible on all relevant affairs matters relates to AML

5. Establish the best mechanisms to ensure AML/CFT policies and procedures to be review in regular mode.

6. Ensure efficient and effective internal audit carried out in fair environment

7. Establish MIS that assist the organisation to screen all the documents in perfect system.

8. Review the implementation of AML/CFT policies and procedures submitted by the Senior Management and Audit Committee

9. Approve AML/CFT policies and procedures on the proper record submitted by Senior Management

6.3Senior Management

Roles and responsible of senior management as follows:-

1. Establish and formulate the AML/ CFT policies and procedure as ensure all risk assessment able to perform in good manner

2. Fully understand and well awareness on the ML/ FT risk assessment as coverage of the industries

3. Allocation on adequate resources to administer of the AML/CFT framework in line with company MIS.

4. Appointment on a Compliance Officer

5. Provision of training on AML/ CFT awareness practice to all employees

6. Ensure employee carried out professionalism, integrity by establish proper assessment merit system.

7. Ensure all employee understand and well aware on the AML/ CFT risk by imposing proper channel of communication

8. Highlight any AML/ CFT issues to Board of Director as regular basis.

6.4Compliance Officer

1. Compliance Officers are responsible for ensuring that all corporate processes and procedures comply with the law and not only the law, a Compliance Officer is also responsible for ensuring that company operations comply with internal standards too. Without a Compliance Officer who actively monitors and drives compliance management, companies run the risk of violating applicable laws and regulations, thus exposing themselves to potential reputational damages and fines.

2. Compliance Officer communicates directly with the management and is

involved in business decisions, they also play an advisory role. Unlike an external consultant, however, a Compliance Officer actively helps to shape these business decisions and seeks solutions to achieve business objectives while complying with all laws and regulations.

3. Compliance Officer’s job to assess and identify potential risks within the company, develop proposals for dealing with and avoiding compliance risks, optimise existing processes and procedures and, if necessary, strengthen their department with additional resources and staff.

4. Key roles and responsibles:-

1. Monitors all operational processes and procedures using a compliance management system to ensure that the company complies with all legal regulations and ethical standards.

2. Manages information flow by researching, recording and analysing data and information. With a regular flow of information and conducting compliance risk assessment, they ensure that the business runs smoothly.

3. Trains and educates staff so that they are informed of any legal changes and updates to compliance guidelines.

4. Acts as contact person and liaison between department heads and senior management.

5. Conducts regular assessments to determine whether policies are compliant with the law.

6.5 Audit Committee

a) Audit committee shall selected by the Senior Management and also report directly to Senior Management.

b) Audit committee shall equip with reliability, integrity and timeliness of internal and regulatory reporting management information system.

c) Audit need to be conducted once a year and shall submit written internal audited report to the board which highlight the audit result with relevant recommendation. This audit report shall then be submitted to the Supervision and Enforcement Department of LFSA within three (3) months upon completion of the internal audit within ten (10) days after submission to the Board.

7. OTHERS

7.1. Compliance Awareness Training ( CAT )

a) Regulatory compliance is an organization's adherence to laws, regulations and guidelines relevant to its business processes. It is important that company conduct often CAT to its employees for the formal code of conduct.

b) All DCX members shall be educated and explained with sufficient knowledge and understanding of their AML/ CFT duty and responsibilities under the law and regulations.

c) All training programme shall be recorded in each employee profile.

d) All training programme shall be conducted in accordance of AML/ CFT policies and procedures.

7.2 Combating Terrorism Financing

a) Combating the Financing of Terrorism (CFT) is a set of government laws, regulations, and other practices that are intended to restrict access to funding and financial services for those whom the government designates as terrorists.

b) Combating the Financing of Terrorism (CFT) is focused on restricting the movement of funds to terrorist organizations.

c) It may focus on a variety of entities, such as banks, charities, and businesses, and a number of activities, such as regulation, supervision, and reporting.

d) Most CFT policies are efforts made to identify and halt the movement and laundering of funds, which in some cases may be disguised as legitimate financial transactions, used to finance terrorist activities. 

e) The primary body driving CFT is the Financial Action Task Force (FATF), a cooperative arrangement among 37 countries that work together to make policy and share information.

f) DCX shall promptly work under CFT policies by screening all new and existing customer under AMLA policies and procedures.

g) DCX shall take action against on those match participants who involved in CFT as follow:-

h) Reject the application/ cease the business relationship

i) Freeze the customer fund and block the transaction if necessary

j) Termination on the membership and stop any transaction

k) File and submit STR to the local authorities