AML/KYC

Definitions
1. Introduction

1. Meaning of the document

Within the scope of its business activities, the company Bright Technologies s.r.o. provides services that may be abused by a customer for legalization of revenues from criminal activities or for terrorism financing.
So, as it is possible to efficiently reduce, aggravate or eliminate such illegal activities in full, the valid legal regulations of the Czech Republic impose fulfilment of many obligations on the company Bright Technologies s.r.o. For that purpose, the company Bright Technologies s.r.o. issues this binding document – the System of Internal regulations, Procedures and Control Measures, transposing the obligatory obligations into the environment of services provided by the company.
In a simplified way: legalization of revenues from criminal activities (in laic terms: „money laundering“) means an activity when a customer uses the services of the company Bright Technologies s.r.o. for covering illegal origin of his property or to make its back tracking difficult. So as to legalize the revenues from criminal activities, the offenders use similar methods like for terrorism financing and that is why abatement of the two illegal activities was joined and it is performed simultaneously, using nearly identical methods. Similar rules as those applied in Bright Technologies s.r.o. are binding for similar types of business in the Czech Republic as well as in other countries, because money laundering and terrorism financing is nearly always performed on international level.
More, the company Bright Technologies s.r.o. must also apply sanction measures (similarly to anyone else) applied by the Czech Republic in relation to quite a wide group of natural persons and legal entities. That means permanent checks whether a customer is subject to international sanctions or not, respectively fulfilment of other procedures as described here below.
In practice, it is highly probable that non-fulfilment of procedures as per this document will cause a breach or omission of statutory obligations with all and any consequences.

General Terms

2. AML Act

For the purposes of this document, the AML act means Act No. 253/2008 Coll. on some measures against legalization of revenues from criminal activities and terrorism financing, as amended.

3. Legalization of revenues from criminal activities

According to the AML act, legalization of revenues from criminal activities means activities that are to cover illegal origin of any economic benefit emerging from criminal activities with the aim of establishing an appearance that the property benefits were obtained in compliance with law; the above stated activities include for example:
1. change or transfer of property while knowing that it originates from criminal activities for the purpose of its secrecy or hiding its origin or with the purpose of helping a person participating in such illegal activities to avoid legal consequences of his behaviour,
2. keeping secret or hiding the real character, source, movement of property or its handling or change of rights related to property while knowing that it originates from criminal activities,
3. obtaining, keeping, using the property or its handling while knowing that it originates from criminal activities, or
4. criminal conspiracy of persons or any other form of unification with the purpose of activities specified in previous points.

4. Terrorism Financing

According to the AML act, terrorism financing includes:
1. collection or provision of financial means or other property while knowing that it will be used – even partially – for committing a crime of terror, terrorist attack or a criminal act that should allow or assist in committing of such a criminal act or that should support a person or a group of persons preparing for committing such a criminal act, or
2. behaviour leading to provision of remuneration or compensation of an offender of a criminal act of terror, terrorist attack or a criminal act that should allow or help in such a criminal act commitment, or persons close to the offender according to penal law, or collection of means for such a remuneration or compensation.
Terrorism financing also means financing of mass destruction weapons distribution, i.e., collection or provision of financial means or any other property while knowing that it will be used – even partially – by the distributor of mass destruction weapons or for such weapons distribution in contradiction with international law requirements.

5. Obliged person

According to the AML Act, an obliged person means the company Bright Technologies s.r.o., with its registered seat in Chudenická 1059/30, Hostivař, 102 00 Praha 10, company ID: 21144079 for activities of providing of services related to a Virtual assets.

6. Customer

For the purposes of this document, a customer means any natural person or legal entity:
1. which the company Bright Technologies s.r.o. established business relation with, or
2. which started negotiations with Bright Technologies s.r.o. on business relation establishment (i.e., it showed interest in a business relation establishment), or
3. which the company Bright Technologies s.r.o. already finished business relations with
4. which becomes a virtual assets service user of the company Bright Technologies s.r.o.
It is not decisive whether it is a natural person or a legal entity carrying business or not. In case of a legal entity, it is supposed that one concrete natural person always acts on behalf of it (e.g., a member of the statutory authority, an employee, etc.).

7. Virtual Assets Service

For the purpose of this document, the virtual assets service means any handling of customer’s property or provision of a service to a customer as mentioned in §4(8) of AML Act, and contain next services:
1. Virtual assets wallet service:
  1. means a service in the framework of which keys are generated for customers or customers’ encrypted keys are kept, which can be used for the purpose of keeping, storing and transferring virtual assets;
2. Virtual assets exchange service
  1. means a service with the help of which a person exchanges virtual assets against a fiat currency or a fiat currency against virtual assets or virtual assets against another virtual assets;
3. which is not contained in previous point, but it is directly connected with such an activity.

According to §4(9) of AML Act, virtual asset means an electronically storable or transferable unit that is:
capable of performing a payment, exchange or investment function, whether or not it has an issuer, unless it is
a security, an investment instrument, or a monetary instrument under the Act on Payments,
an entity referred to in Section 3(3)(c)(4) to (7) of the Act on Payments, or
a unit by which a payment is made pursuant to Section 3(3)(e) of the Act on Payments, or
a unit referred to in point (a)(ii) and which can ultimately be used to pay only for a narrowly defined range of goods or services which includes an electronically storable or transferable unit referred to in point (a).

A virtual assets service also means any service provided without appropriate authorization, registration or license, even though it would be in contradiction with law.

8. Business relation

A business relation means a contractual relation by and between the customer and the company Bright Technologies s.r.o., based on which the customer is provided with virtual assets service. A business relation is usually established on the basis of a frame contract on provision of virtual assets service. The company Bright Technologies s.r.o. provides virtual assets service on the basis of business relations only, not on the basis of an agreement on a lump-sum payment transaction.

9. Customer’s instruction

Customer’s instruction means any instruction issued by the customer or by a person authorized to act in this matter on customer’s account, requiring for the company Bright Technologies s.r.o. to provide a virtual assets service or to make another act within the scope of the virtual assets service provided, e.g., a Virtual asset order.
It is not important in which way was the customer’s instruction handed over to Bright Technologies s.r.o. (electronically, by phone, personally or in any other way). It is also not important whether the customer’s instruction was accepted or not.

10. Staff setting

The obligations set out in this document apply to certain groups of employees - in particular the employees, the AML officer and the responsible person. They also apply to any person who may encounter a suspicious transaction or perform any of the activities described in this document, as well as other persons. All of these people may potentially encounter trade suspected of attempting ML-FT.
It is irrelevant whether it is a direct employee or a work performed on the basis of another relationship or without any relationship (even as a free aid).
Unless the company Bright Technologies s.r.o. is capable of ensuring the full and error-free performance of its obligations under this document and the Risk Assessment, it must reduce or even suspend virtual assets service activity until such a defect ceases, unless this is in conflict with the obligations under the legal regulations. This is the case, for example, in the event of a sudden failure of employees and replacement by temporary under-experienced assistance. Thus, ML-FT prevention activities must at all times be adequately staffed (both qualitatively and quantitatively). Responsibility for meeting this obligation lies with the responsible person.
Furthermore, the responsible person is responsible for selecting the persons who are bound by this document. The responsible person shall always verify that the employee is able to fulfil the obligations laid down in this document before recruiting a new employee for the position concerned by this document or before transferring an existing employee to that position. These abilities / skills include:
1. sufficient language skills of the employee to handle communication with a typical customer
2. sufficient employee awareness of the management and ownership structures of the customer, which is a legal entity, so that he / she can perform his / her duties perfectly for this type of customer
3. sufficient computer skills and software that is used to enable the employee to make full use of these resources to fulfil their duties
4. sufficient and professional ways and integrity in dealing with the customer to be able to correctly communicate the requirements for identification and possible control of the customer (to explain to the customer the reasons for the requested information and insist on it, not to be “persuaded” by the customer)
5. sufficient knowledge of all procedures set out in this document and the Employee Risk Assessment achieved by the training.

11. AML officer

A person identified in this document as an AML officer means a person authorised to arrange compliance of business activities of the company Bright Technologies s.r.o. with legal regulations in the field of avoidance of proceeds from criminal activities, terrorism financing and application of international sanctions. It concerns mainly arrangement of compliance with the following regulations:
1. AML Act
2. Act No. 69/2006 Coll. on realisation of international sanctions
3. Regulation No. 67/2018 Coll. on selected requirements towards system of internal regulations, procedures and control measures against legalization of proceeds from crime and financing of terrorism
4. approved AML standards communicated by the Czech National Bank.
Generally, it is supposed that the AML officer is a person directly governing an employee, authorized to establish business relation or negotiations in the matter of virtual assets service provision.

12. Responsible person

The responsible person of the obliged person means – for the purposes of this document – any member of the statutory authority of the obliged person.

13. Virtual assets service value

For the purposes of this document the virtual assets service value means the general value of property being a subject of the virtual assets service. It is the value of the property as made available by the customer to the company Bright Technologies s.r.o. for the purpose of the virtual assets service provision respectively the value that is to be transferred, exchanged or otherwise used. In case of mutually related virtual assets service, the virtual assets service value is the sum of the services.

14. Conversion of sums

For the purposes of this document, the sum which is set in Euro (EUR) means an equal value in any currency converted based on the exchange rate announced by the Czech National Bank and valid for the day. If the exchange rate is not available that day yet, the exchange rate for the previous day applies. For current Exchange rates list of the Czech National Bank see https://www.cnb.cz/cs/financni-trhy/devizovy-trh/kurzy-devizoveho-trhu/kurzy-devizoveho-trhu/.

15. Binding force for third persons

The procedures set forth in this document are also binding on persons acting in the performance of virtual assets service or in establishing business relationships on behalf of or for the account of the company Bright Technologies s.r.o. mainly for authorized representatives (hereinafter referred to as “representative”). The responsible person shall ensure that the representative accepts and / or fully integrates these procedures into his / her own internal procedures. The responsible person shall also ensure compliance with the obligations set out in this document in the representative's environment.

Definition of a Politically Exposed Person

16. Politically Exposed Person – definition

According to the AML Act, a Politically Exposed Person („PEP“) means a natural person who is or was in an important public function with regional, national or even higher importance, for example:
1. chief representative of municipal authorities – major of a town or village, chief magistrate, region commissioner,
2. chief representative of municipal authorities for a foreign country with federative organization – chief representative of country authorities, members of country government and parliament, etc.,
3. head of state, prime minister, head of central authority of state administration (e.g., a minister) and his/her representative (deputy minister or secretary of state),
4. member of the Parliament, member of the control authority of a political party,
5. judge of the supreme court, constitution court or another supreme judicial authority,
6. member of the banking council of a central bank,
7. high officer of armed forces,
8. member of the statutory authority or representative of a member (in case of a legal person to be a member of the statutory authority) of a business corporation controlled by state,
9. ambassador or head of a diplomatic mission,
10. or a natural person performing or having performed any similar function in another country, EU authority or in an international organization.
A PEP is also considered to be a person close to the above stated person, mainly:
1. relatives in direct line – parents, grandparents, etc., children, grandchildren, grand grandchildren, etc.
2. siblings, wife, husband, partner
3. relatives of wife, husband, partner – son in law, daughter in law, father in law, mother in law
4. a person who lives with him/her on permanent basis
5. a person in family relation or similar relation to him/her, in case of any detriment suffered by one person to be justifiably considered as own detriment by the other person.
A PEP is also considered to be a person from the "business surroundings", being
1. a partner or beneficial owner of the same legal entity or trust fund as the person in the first paragraph,
2. known by the obligated person to be in close business relation with the person as per the first paragraph; that means material inter-relations within the scope of business activities, when the success or detriment of one person could be justifiably considered to be own benefit or detriment by the other person,
3. a beneficial owner of a legal entity or trust fund, which is the obligated person aware of the fact that they were developed in favor of the person specified in the first paragraph.

1. Definition of a Beneficial Owner

17. Beneficial owner of a legal entity

A beneficial owner is always related to a legal entity only. According to the AML Act, a beneficial owner means a natural person with factual or legal possibility of direct or indirect application of decisive influence in a legal entity, in a fiduciary fund or in any other legal organisation without legal personality. It is supposed that in case of fulfilment of conditions contained in previous sentence, the following person is a beneficial owner:
1. In case of a business corporation (usually a limited liability company, a joint stock company, etc.), the beneficial owner is a natural person who:
  1. independently or together with persons acting in compliance manages more than 25 % of voting rights of the business corporation or has a share in basic capital above 25 %, or
  2. independently or together with persons acting in compliance controls the person specified in previous point, or
  3. is a member of the statutory authority, representative of a legal person in the authority or in the position similar to the position of a statutory authority member, if he is not a beneficial owner or if it is not possible to set him according to previous points.
  4. is a recipient of at least 25 % of profits of the business corporation, or
2. In case of an association, a non-profit organization, association of unit owners, church, religious association or any other legal entity according to the act dealing with position of churches and religious associations, the beneficial owner is a natural person:
  1. who manages more than 25 % of its voting rights, or
  2. who is recipient of at least 25 % of the means distributed by it, or
  3. who is a member of the statutory authority, representative of a legal person in the authority or in the position similar to the position of a statutory authority member, if he is not a beneficial owner or if it is not possible to set him according to previous points.
  4. In case of foundation, institution, endowment fund, trust fund or any other legal organization without legal personality a natural person or a beneficial owner of a legal entity, the beneficial owner is a person being in position of:
    1. a founder, and then
    2. trustee, and then
    3. persons entitled to perform supervision over the administration of the foundation, institution, endowment fund, trust fund or any other legal organization without legal personality.
    4. a person, in the interest of whom there was established or works the foundation, institution, endowment fund, trust fund or any other legal organization without legal personality, unless the fiduciary is appointed, and then
    5. beneficiary, and then

Definition of a Controlling Person

18. Controlling person

According to Section 74 et conseq. Act No. 90/2012 Coll., on Commercial Companies and Cooperatives (Business Corporations Act), a controlling person means a natural person or legal entity who may directly or indirectly apply decisive influence in a business corporation. The indirect corporation means the influence executed through another person or other persons.
The controlling person(s) is/are:
1. always a person who is a majority owner, unless specified otherwise in the points below, and then
2. always a person who is a controlling person of the concern (Section 79 Act No. 90/2012 Coll.), and then
3. a person who may appoint or remove most of the persons being members of the statutory authorities of the business corporation or persons in similar position or members of a control authority of the business corporation, which he/she is a partner of, or he/she may push such an appointment, or
4. the person who manages the share in voting rights representing at least 40 % of all the votes in the business corporation, unless the same or higher share is managed by another person or persons, acting in conformity, or
5. persons acting in conformity, who jointly manage a share in voting rights representing at least 40 % of all the votes in the business corporation unless the same or higher share is managed by another person or persons, acting in conformity, or
6. a person who independently or together with other persons, acting in conformity, obtains a share in voting rights representing at least 30 % of all the votes in the business corporation and the share represented more than one half of voting rights of present persons during 3 recent consequent meetings of the supreme authority of the person.
For better understanding of conditions under which a natural person or a legal entity may be considered a controlling person, we recommend studying of relevant stipulations of the Act on business companies and co-operatives (Business Corporations Act).

Business relation establishment
1. Procedure before business relation establishment

19. Procedure before business relation establishment

In case of a customer to show his interest in establishment of business relations with the company Bright Technologies s.r.o., there must always be performed the following procedure. The employee authorized to negotiate the business relation establishment with the customer:
1. establishes a file (as a physical and virtual space) to keep all and any information and documents according to the system of internal rules related to the business relation or customer (unless it has been established earlier), and
2. he performed the initial identification of the customer (unless it has been performed earlier) – applying the procedure dependent on whether the customer is a natural person or a legal entity, and
3. performs the first check of the customer
4. sets up the risk profile of the customer based on risk assessment
5. provides this information to the AML officer, who will assess it and decide whether or not the business relationship will be established; The AML officer shall take into account, in particular the customer's risk profile, in particular if it is of type B, C, D or even E.
Only after full performance of the above stated procedure (and depending on its results) an employee may be entitled to act on behalf of the company Bright Technologies s.r.o. so as to establish a business relation and Bright Technologies s.r.o. may start provision of services within the frame of the business relation.
If it is proved that the customer is a PEP, the establishment of the business relation must be approved by the statutory authority of the company Bright Technologies s.r.o. (including the case when the customer is a legal entity, towards which obligations are applied as well as towards the PEP).

Procedure for Verification of International Sanctions

20. International Sanctions

International sanctions are a set of restrictive measures that the international communities (UN, EU) use as a tool to maintain or restore international peace and security, protect fundamental human rights, and fight terrorism. They are accepted by the competent authorities (UN Security Council, EU Council or European Commission) in the form of resolutions or decisions and regulations. In addition, the Czech Republic has a local individual list of 'intra-European terrorist groups'.
The Czech Republic applies two types of sanctions:
1. sanctions, which it applies towards specific natural and legal persons, listed on the sanction lists (so called sanctioned persons)
2. sanctions, which it applies towards certain types of goods (so called sector sanctions).
The following types of sanction regulations are legally binding (directly applicable) in the Czech Republic:
1. resolutions of the United Nations Security Council
2. resolutions of the EU Council or Commission (see https://sanctionsmap.eu)
3. resolution of the Czech Republic government (see http://www.amlsystems.cz/AML-dokumenty).
Carrying out of international sanctions in the Czech Republic is partially regulated by the AML Act and also by Act No. 69/2006 Coll., on Carrying out of International Sanctions.
For more information on the application of international sanctions, please consult the Financial Analytical Office website at: http://www.financnianalytickyurad.cz/mezinarodni-sankce.html.
The obligation to enforce international sanctions also applies to any other activities of Bright Technologies s.r.o., not only to those covered by this document.

21. Sanction lists

Two groups of sanction lists are legally binding for the Czech Republic:
1. sanction regulations coming out from EU law accessible through EUR-Lex - access to European Union law at http://eur-lex.europa.eu.
2. Government Decree No. 210/2008 Coll., On Implementation of Special Measures to Combat Terrorism, as amended, located eg at http://www.amlsystems.cz/AML-documents.
The responsible person shall give employees access to these lists.

22. Screened persons

Prior to establishing each business relationship and then with the specified periodicity, the employee must verify whether the Czech Republic does not apply international sanctions against the customer or the persons associated with the customer. The verification periodicity of international sanctions should be set so that no service is ever provided to a customer that is subject to international sanctions - i.e., ideally prior to the provision of each virtual assets service or at least once a day, or possibly whenever the sanction lists are updated.
If the customer is a natural person, the screening includes the customer himself / herself and, if applicable, also all the persons acting on behalf of the customer (proxy, legal representative, guardian).
If the customer is a legal person, this screening includes the following persons (both natural and legal):
1. the customer itself (a legal person in this case); and also
2. all members of the statutory body (these may be natural or legal persons); and
3. all controlling persons (see the definition in the Chapter I.5); and
4. all persons that are the beneficial owners of the legal person (which is identified during the initial check of the customer, according to the Chapter II.5, these may be natural persons only); and
5. possibly also an agent, proxy, legal representative, and guardian
6. with all the persons the identity of which the company established within the scope of identification or control (mainly all the persons from the management and control structure of the customer).
Furthermore, in the duration of the business relationship, it is always necessary to verify the international sanctions against the counterparty of the customer's transaction (if the counterparty of the company is known), especially if Bright Technologies s.r.o. ensures the execution of payments, taking into account all the information accompanying these transactions (e.g., the requisites of SWIFT messages, SEPA payments and letters of credit etc.)

23. Search for a person in sanction lists

The fact whether the Czech Republic applies international sanctions against the customer or the persons associated with the customer is found out by the employee by looking all the aforementioned persons (both natural and legal) up in the currently valid and available sanction lists.
The contents of these two lists differ. If the person is found in any of these sanction lists, it means that the Czech Republic applies international sanctions against this person. In the case that the person is not in one of the mentioned sanction lists, the Czech Republic is considered not to apply any sanctions against this person.
The employee has the obligation to create a record about the screening and the result, which corresponds to the requirement of, it contains at least the following information:
1. date of verification and name of the person who performed the verification (if performed by a specific employee and not automated)
2. a list of natural and legal persons that have been reviewed in the sanction lists
3. information on the sanction lists under which the verification was carried out
4. result of verification (negative or positive finding).

24. Sanction programs

In addition to verification of the persons' presence on the sanction lists, the AML officer and the employee must be familiar with the currently effective EU sanction programs. The Czech Republic, as a member country of the EU, does not only apply sanctions to certain persons only, but also to certain types of goods or services. It may happen (even during a business relationship) that the inspection of the customer indicates, based on the customer's communication or based on the submitted documents, that the customer uses the services of the company to trade or transfer (on the customer's own behalf or on another person's behalf ) goods or services subject to international sanctions, e.g., the customer states that the payment relates to the movement of the goods and it turns out that it concerns so called dual-use goods that can also be used for military purposes and the expedition of such goods to some countries is forbidden).

The list of currently applicable sanctions is included in the "Consolidated list of sanctions" section: https://eeas.europa.eu/topics/sanctions-policy/8442/consolidated-list-of-sanctions_en.

25. Procedure in case of a person to which the international sanctions apply

In case the Czech Republic applies international sanctions against the customer or the persons associated with the customer or if the virtual assets service are in any way related to international sanctions, such negotiation regarding establishment of a business relationship or provision of virtual assets service is inevitably a suspicious transaction, and it is necessary to take all the necessary steps.
It is also necessary for the employee to ensure that the company proceeds in accordance with the specific sanction and in accordance with Act No. 69/2006 Coll., on Carrying out of International Sanctions. For this purpose, contact both the AML officer and the statutory body of Bright Technologies s.r.o. and coordinate the next step with it.

Procedure during the Initial Customer Check

26. Initial customer check

The purpose of the initial customer check is to obtain information about the customer, necessary for the assessment, in particular:
1. whether the customer does not represent any risk for Bright Technologies s.r.o. from the point of view of money laundering and financing of terrorism and in the preparation of its risk profile;
2. whether the customer meets the customer's eligibility criteria (i.e., whether Bright Technologies s.r.o. will provide any services for the customer at all)
3. whether the services provided subsequently during the duration of the business relationship do not show signs of suspicious trade, which would be subject to the notification obligation.

1. Ban to Enter a Business Relationship

27. Ban to establish a business relationship

The company Bright Technologies s.r.o. rejects to enter into a business relationship with a customer if:
1. the customer does not provide us with required cooperation within the performance of the verification and initial identification – i.e., does not provide with the information and data required or does not support these with relevant documents (if required), or
2. if there have emerged any doubts related to the correctness and completeness of the information provided to us by a customer within the initial identification or initial verification, or
3. if there was established any suspicion that a customer has provided us with untrue, distorted or incomplete information or in the event when a customer submitted false, altered or untrustworthy documents
4. due to any other reason is not possible to perform the initial identification or initial verification of a customer, or
5. it is clear at the customer that the intended business relationship is intended to provide services to a person other than himself (i.e., he acts solely as an intermediary or identity provider) and the customer does not present a power of attorney; or
6. the customer is subject to EDD and the statutory body Bright Technologies s.r.o. or the person authorized by it has not consented to the establishment of a business relationship
7. the customer is PEP and Bright Technologies s.r.o. does not know the origin of the property that the customer will use for each service
8. the customer has been, pursuant to its risk rate, ranked within a group of customers with which the company shall not establish any business relationship.
In the event when the establishment of business relationship is refused, a closer attention of employees shall be focused on the facts, whether the behaviour of a customer, due to which such a situation emerged, is typical of suspicious business characteristics.
The document titled Risk Assessment may determine for individual types of the customers, services or services provision methods even other circumstances, under which the business shall not be performed. Next, it can determine the rules of customer acceptance – i.e., features of a customer who is not allowed to be provided with the services (or certain type of service). Our employee is obliged to respect the extended list.

1. Ban to Provide Service and the Obligation to Terminate a Business Relation
  - 28. Ban to provide service

A customer will not be provided with the service and business relationship with a customer will be terminated if any of the following facts would emerge:
1. A customer rejects to undergo the identification, if its performance becomes obligatory (e.g., if identification data has been changes or should be completed)
2. A customer rejects to submit a power of attorney if there has emerged a reason to submit this kind of document (e.g., when the executive ceases to hold its office, but a customer – a legal person – still requires he/she should act on customer's behalf, or in the event when the employee suspects a customer does not act in its own name, i.e., the funds that are subject to respective service does not belong to a customer, but is owned by any other person, and a customer acts in this case only as intermediary or identity provider)
3. A customer rejects the cooperation in the course of verification, i.e., rejects to submit or complete the data for which he/she was asked by the company Bright Technologies s.r.o. during the initial or continuous verification, or eventually rejects to submit relevant documents when he/she was asked for them
4. A customer who was not a PEP person has become in the course of business relationship duration a PEP that is active beyond the EU or a PEP active within the territory of EU, and in case of such person was identified a risk factor, and the company Bright Technologies s.r.o. is not aware of the origin of customer's financial funds or the statutory body of Bright Technologies s.r.o. has not granted its consent with the continuation of such business relationship, or such a consent has not been granted by a person authorised by the statutory body
5. A person performing the identification or verification has doubts whether the information stated by a customer is true (and such doubts were not refuted by a customer)
6. Risk assessment of a customer became worse and a customer moved to the group of E risk profile, i.e., to the group of customers that are not allowed to enter into a business relationship with the company, i.e., the existing business relationship is terminated
7. Identification of a customer was performed via a distance identification, and the first payment resulting from the business relationship was not successfully made to the account stated on a customer's name – in this event the business relationship is not terminated, however, the customer is not provided with any further services up to the moment when a „face to face“ identification is made
8. during risk assessment it was discovered that sanctions were imposed against customer and there is no permission from FAÚ and statutory authority
When any of the stated situations arises, the employee shall report it to an AML officer without delay, and also is obliged to ensure that a customer is not provided with the required service by the company Bright Technologies s.r.o. An AML officer shall ensure the business relationship with a customer will be terminated (de facto and de jure). Furthermore, the employee shall pay increased attention when assessing whether the behaviour of a customer does not show some features of suspicious business.

Suspicious Business
1. List of Suspicious Business Features and Their Assessment

29. Suspicious business in general

A suspicious business shall be understood as the service provided in circumstances which give rise to a suspicion to perform a legalization of proceeds of crime, or a suspicion that the assets which are subject to certain service are determined for the terrorism financing purposes.
A suspicious business may be also understood as the customer's behaviour which is not directly intended to be provided with a service, but is giving rise to a substantiated suspicion that a customer is aimed to act illegally, i.e., within the scope of mentioned unfair activity. A suspicious business or transaction may be also a service which has not been provided by the employee (in circumstances stated in Chapter II.5), or if the case was recognised only as a customer's attempt to establish the business relationship.

30. Features and circumstances of a suspicious business

Features and circumstances which might indicate the case of a suspicious business:
1. the payment was credited from other account then usually in particular customer's case, or the payments are credited from the account or even various accounts which are not owned by the customer, and there is no apparent connection between the owner of that account and the customer
2. the customer is from the country in which the company usually does not offer its services
3. the customer is using services (Enters the virtual asset orders, etc.) from more countries
4. the customer uses funds to purchase such type goods, and eventually also such volume of goods which does not correspond to usual behaviour of a customer or to its financial means
5. the customer asks for the virtual assets service and makes or requests the payment in cash and vice versa
6. the customer resells goods or services purchased for funds for no apparent economic reason
7. the customer uses funds as a deposit instrument (stores and holds assets there for no apparent reason) and then requests a redemption
8. the customer requests external transfer to an account that does not belong to him / her - belonging to a person with no apparent relationship with the customer
9. the customer's business or place where funds can be used is fictitious or difficult to verify or otherwise non-standard
10. a "sleeping" customer - the customer with whom the business relationship was established does not use the services and the view will change without any justification, or the frequency and volume of the services used will suddenly cease again
11. the purpose for which the customer uses the services is contrary to the declared purpose
12. the volume of services used by the customer does not correspond to the customer's property and economic conditions (and it is contrary to what the company Bright Technologies s.r.o. knows about the customer)
13. the virtual assets service of the company are probably used by a person other than the customer himself
14. the customer makes multiple transfers and the volume of these transfers is just below 1 000 EUR or below15 000 EUR as they consider that they are not subject to monitoring
15. the customer offers the employee money or other remuneration for performing a non-standard service or potentially suspicious transaction or for establishing a business relationship where the employee does not require all the particulars (identification, control, etc.)
16. the customer mentions that the funds which are the subject of the service are of illegal origin or intended to finance terrorism
17. the customer unreasonably assures the employee that the funds which are the subject of the service have been acquired in accordance with the law or that the money is not of illegal origin or that it is not intended to finance terrorism
18. the customer shows an unusual interest in the policies, procedures and measures which the company Bright Technologies s.r.o. follows within the System of Internal Rules and Risk Assessment
19. the customer has extensive knowledge of legalization of proceeds of crime or terrorism financing
20. the customer is unreasonably nervous during the negotiations and gives the impression that he has been instructed by another person
21. the customer is unusually trying to converse with an employee on the topic of money laundering or terrorism financing
22. the customer deliberately seeks to establish a friendly relationship with the employee
23. the person acting on behalf of the customer is accompanied by another person and is monitored
24. the customer uses the services of multiple companies for no apparent reason
25. the customer uses services that are normally provided by banks and is willing to use the services of the company without justification even if it is significantly more expensive for him
26. the customer uses the services of the company without any links to the Czech Republic and without it, i.e., it tries to introduce another country into the transfers in order to make it difficult to trace the financial flows
27. the customer carries out activities that may help to conceal his identity or to conceal the identity of his beneficial owner
28. the customer submits an identity document that shows any of the features listed in Chapter II.2 under points Features of an ID Unsuitable for Identification
29. the customer presents only copies of identity cards or unverified copies of other documents
30. the customer requests identification on the basis of a document other than that required by the employee
31. there are reasons to refuse to provide a service or the obligation to terminate a business relationship
32. the customer tries to persuade the employee not to request some data that is necessary for identification or control purposes
33. the customer asks questions that lead to suspicion that he is trying to avoid identification and control
34. the customer provides confusing, deceptive or contradictory information
35. the customer knows little details about the purpose of the business relationship or the origin of the funds
36. the customer over-explains the origin of the funds or the purpose of the transaction
37. the customer carries out high-volume transactions using funds obviously used for business purposes, but the customer does not wish to associate them with the business (i.e., to tell the business person which funds belong to and for whom he is acting)
38. the counterparty of the service is a person whose activity is linked to a country where measures against money laundering or terrorism financing are applied insufficiently or not at all; a list of these countries is given in Annex 5
39. the employee knows from a reliable source (e.g., television, newspapers, etc.) that the customer or business counterparty is involved in illegal activities or has a criminal history
40. in the course of one day or in the days immediately following, the customer will carry out noticeably more deals than is usual for his activity
41. the customer indicates the purpose of the transaction, which is hardly compatible with his activity
42. the customer is a non-profit or charitable organization and the purpose of the business that he or she communicates is contrary to the activity that he or she states or publicly declares.
The present list is only a non-exhaustive. Practical experience can include also other circumstances not stated here, these indicate that the service might be used to legalize the proceeds of crime and financing terrorism, therefore this could the case of a suspicious business.
On the other hand, if the business shows any of the stated features, this is not necessarily the case of a suspicious business

Suspicious Business Reporting

31. Procedure in case of suspicious business reporting

If the case has been assessed by the employee as a suspicious business, immediately after the performance the employee contacts an AML officer, and
1. Shall report he/she found out a suspicious business,
2. Shall submit all the data and all the printed documents related to a suspicious business (in particular the data and documents obtained during the customer's identification and verification procedure),
3. Shall state the reasons why the business was assessed as suspicious one,
4. Shall inform an AML officer on other facts which the employee considers essential in relation to this business,
5. Next, the employee shall cooperate with an AML officer upon officer's requirements

32. Activity of an AML officer

An AML officer shall start to be focused immediately on the case when it was reported by the employee, and shall perform all the steps in order to assess the business. In the event when an AML officer has assessed the business as suspicious one, an officer shall decide whether there have arisen the grounds for the postponement of customer's order. Next, the suspicious business shall be reported to FAU without undue delay, however, not later than within 5 days from the moment when the suspicious business was found out.

Other obligations
1. Information Obligation

33. Procedure for providing the FAU with information

The company Bright Technologies s.r.o. communicate, at the FAU's request, information on the services or trade relations for which the FAU is investigating within a specified period. The responsible person shall ensure the submission of documents on these transactions or give them access to authorized employees of the FAU.
In case of personal contact, the authorized employees of the FAU shall produce a service card issued pursuant to the Act on Implementation of International Sanctions. The model of this card is a part of Decree No. 53/2017 Coll. FAU employees are not obliged to give their name.
If requested by the AML officer or responsible person, each employee is obliged to provide assistance to him in the performance of this duty.

Confidentiality Obligation

34. Confidentiality Obligation

The employees, a person responsible, and an AML officer are obliged to follow the confidentiality obligation on the facts related to:
1. Notifications and investigation of a suspicious business
2. acts performed by the FAU
3. Performance of information obligation (see Chapter V.1).
Next, everybody how becomes aware of these facts is obliged to keep them confidential.
If these persons were transferred to another job position, by the fact when their employment relationship was terminated or due to other contractual relationship with Bright Technologies s.r.o., nor by the fact that the company Bright Technologies s.r.o. ceases to provide its services, the confidentiality obligation shall not be extinguished

35. Exceptions form confidentiality obligation and related procedure

The AML Act allows exemptions from confidentiality obligation in such cases that are stated in Section 39 of the AML Act. Thus, in the event, when any person requires to be provided with the information which is subject to the confidentiality obligation, shall notify a person responsible that shall review whether the Section 39 of the AML Act might by applied, i.e., the exemption from the confidentiality obligation towards a specific person. After the investigation findings a person responsible shall make a decision, whether and within which scope the information can be submitted. In the event when the information is requested by the FAU.

Obligation to Train Employees

36. Training obligation

The responsible person is obliged to ensure all the employees undergo the training, i.e., the employees that may, during the performance of their working tasks, encounter a suspicious business, including a person responsible and an AML officer. The training shall include the rules and procedures stated herein, risk assessment, the AML Act, eventually the other legal regulations. The employees must be trained in such a way to be able to perform their work without mistakes and apply all the provisions stated herein, i.e., the provisions which are related to such employees. A person responsible shall amend and update the content of training.

37. Training frequency

The training must be performed at least once within the period of 12 months. There is also necessary to train all the not yet trained employees before they enter respective work positions (i.e., new or transferred employees).

38. Training report

The responsible person keeps and archives, in accordance with Chapter V.5 the attendance list and training content list. For these purposes may be used a sample of employees training report which forms a part of the Annex No. 3.

Information and Documents Keeping and Archiving

39. Way of data recording

All the data and documents related to the business relationship shall be archived. In particular, this is the case of filled in forms, original documents or copies of documents submitted by a customer, and other company internal records. All the data and documents related to a specific service shall be archived analogically.
A part of these documents may be also in a digital form. Any other way of data and documents archiving may be decided by a person responsible.

40. Making copies

The employee shall, pursuant to the AML Act, be authorised to make and keep the copies or identity cards or other documents records, upon which the identification is performed.
In the event when from a copy made and archive is apparent the data which shall be otherwise obligatory recorded applying the way described herein, then it is not necessary to enter the data into the form. It is sufficient when the data is clear from the copy which was made.

41. Way of data and documents keeping

From each recorded information and archived documents shall be apparent:
1. To which business relationship they are linked
2. The employee who entered the data, amended the data or verified the data, and archived the documents
3. The date on which was the data entered, amended or verified or when the documents were archived.
Next, an AML office shall ensure safe archiving of the copies of filed notifications on a suspicious business, a document on their lodging, eventually an advice on their delivery.

42. Digital data

If the data or documents are recorded in a digital form, then the back-up shall be performed by a person responsible or by a person authorised to do so.
Archiving some documents in a digital form is not allowed, which results from the provisions of the AML Act that prescribes some documents to be archived only as the original documents or certified copy – this is, in particular, the case of the powers of attorney and identification documents.

43. Period for which the information and documents shall be archived

Pursuant to the AML Act the company Bright Technologies s.r.o. is obliged to archive the data and documents for the following period:
1. All the information and documents related to the business relationships and services defined herein shall be archived for the period of 10 years. This period starts to be counted by the first day of a calendar year which follows the year in which specific relationship was terminated.
2. The employee training report shall be archived at least for the period of 5 years after the date when the training was performed.
3. The assessment report shall be archived for the period of 5 years as a minimum.

1. Obligation to Assess Regulations and Update Them

44. Frequency of assessment of AML rules and updates

The responsible person shall assess, at least every 12 calendar months, whether the provisions set out in this document and in the Risk Assessment document are current, proportionate to the nature, scale and complexity of currency exchange services and related activities. If necessary, it performs or arranges for updates to keep the regulations current and in line with the actual situation.
In addition to this regular 12-month interval, the responsible person shall, without undue delay (ideally in advance), review and update this document and the Risk Assessment if any such need arises:
1. the conclusion made in the Risk Assessment; or
2. information provided by Bright Technologies s.r.o. obtains and leads to the conclusion that the Risk Assessment or the supporting documents used for it are no longer up - to - date, or
3. a change in the business or strategy of Bright Technologies s.r.o., or
4. amendments to legal regulations published especially on the website of the Financial Analytical Office http://www.financnianalytickyurad.cz/, on http://www.amlsystems.cz/AML-documents and on the website of the Czech National Bank https://www.cnb.cz/cs/dohled-financni-trh/legislativni-zakladna/legalizace-vynosu-z-trestne-cinnosti/; these pages are informative only and the responsible person is supposed to be active
The responsible person will always create a written record of the assessment result and any further steps (whether the update and other details have been made).
If there is a change in the Risk Assessment, the responsible person shall record the procedures used to draw up or update the Risk Assessment and shall also record the reasons on which it has drawn the conclusions contained therein.
Furthermore, if the procedures set out in this document or in the Risk Assessment are substantially changed, the responsible person will organize training for the staff affected. It will record the content and attendance of the training according to the Chapter V.4.
Changes in this document and in the Risk Assessment are approved by the Company's statutory body.

45. Customer´s data updates

If the procedures set out in this document or in the Risk Assessment are changed, the responsible person shall verify that the information provided by Bright Technologies s.r.o. about customers (information obtained during the identification and control of the customer and any other information used to prevent ML-FT), its content and scope correspond to new obligations. If not, the responsible person will oblige the employees to supplement or update this information. The employee shall always do so at the latest before making another trade with the customer.

List of countries grouped according to the risk of money laundering a terrorism financing, determined by Bright Technologies s.r.o. for the needs of creation of client’s risk profile upon own risk assessment.

Within the determination of the client's risk profile from the ML-FT point of view, Bright Technologies s.r.o. individually determined areas of factors, which can potentially influence the form of the client's risk profile, both during the establishment of a business relationship and during it.
The individual risk factors are the factors which are set within the own risk evaluation as per § 6 section a), 3. of the Regulation No. 67/2018 Coll. This annex stipulates own risk factors related to the subjective risk perception considering the location or legal seat of the client or legal entity in the client’s structure (hereinafter referred to as the “legal seat”).
Bright Technologies s.r.o. uses three risk categories pertaining the aforementioned area - black list, high risk, low risk. Pursuant to these categories, Bright Technologies s.r.o. hereby provides the list of activities, which can include the possible client’s legal seat. The client's legal seat in a certain category affects the perception of his risk and may (but must not necessary) affect the final determination of the weight of a given factor in relation to the determination of his risk profile.
Stipulation of risk categories relating to the individually set risk factor is indicative, where the decisive is the final assessment of factor’s weight by the AML Officer and its further reflection on the final form of client’s risk profile. The designated categories are thus the starting point for the assessment of the client's riskiness by AML Officer in the context of other facts and factors.
Additionally, the current wording of Act No. 253/2008 Coll., On Certain Measures Against Money Laundering and Terrorism financing stipulates the obligation to always inspect customers established in a country, which is required by the European Commission (EC), Financial Action Task Force (FATF) or otherwise be considered high risk.
While creating this list Bright Technologies s.r.o. took into consideration the following lists:

List of countries identified by the EC as high risk and published in the Commission Delegated Regulation (EU) 2016/1675 as in force as of 13.03.2022.
List of countries identified as being at risk in the Public Notice of the Financial Action Task Force (FATF) dated 17.06.2022.

Lists created by EU and FATF are essential for assessing the risk of individual customers, transactions and business relationships. In the event that the establishment, origin or activity of the customer is related to the territory in these lists, or is related to a trade or business relationship, it is necessary to pay high or increased attention in assessing the potential risk with all possible consequences (strengthened level of customer control; or establish a business relationship, end a continuing business relationship, or file a suspicious transaction report).
This list does not replace the list of persons against whom the Czech Republic applies international sanctions or the list of so-called politically exposed persons.
In this list you will find the following symbols:

E – EU considers measures against money laundering and terrorism financing of these countries have shortcomings.
F – FATF considers measures against money laundering and terrorism financing of these countries have shortcomings.
HR – EU and FATF consider measures against money laundering and terrorism financing of these countries show serious shortcomings or have not yet committed to international cooperation.

Category:
Black List: Abkhazia Afghanistan^E Akrotiri and Dhekelia Antarctica Artsakh Burkina Faso^HR Belarus Central African Republic Congo(Democratic Republic of)^E Crimea Donetsk People Republic Haiti^HR Hawaii Heard Islands and McDonalds Islands Iran^HR Iraq Kosovo Libya Lugansk People Republic Mali^HR Myanmar^HR Nicaragua^HR North Korea (Republic of)^HR Pakistan^HR Palestinian Territory Russia Somalia South Ossetia South Sudan^HR SyriaHR Transnistria Us Minor Outlying Islands Us Virgin Islands USA Venezuela Western Sahara Yemen^HR Zimbabwe^E	High Risk: Aland Islands Albania^F Algeria Angola Anguilla Antigua and Barbuda Argentina Armenia Aruba Ashmore and Cartier islands Azerbaijan Bahamas Bahrain Bangladesh Barbados^HR Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia and Herzegovina Botswana Bouvet islands Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burundi Cambodia^HR Cameron Canada Canary Islands Cape Verde Caribbean Netherlands Cayman Islands^HR Ceuta Chad Chile China People Republic Christmas Island Clipperton Islands Cocos (Keeling) Island Columbia Comoros Congo Cook Islands Coral Sea Islands Costa Rica Croatia Cuba Curacao Djibouti Dominica Dominican Republic Eastern Island Ecuador Egypt El Salvador Equatorial Guinea Eritrea Eswatini Ethiopia Falkland Islands Faroe Islands Federated States of Micronesia Fiji French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Ghana Gibraltar^F Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea Bissau Guyana Honduras Hong Kong Hungary Iceland India Indonesia Isle of Man Israel Ivory Coast (Côte d'Ivoire) Jamaica^HR Japan Jersey Jordan^HR Kazakhstan Kenya Kiribati Korea (Republic of) Kuwait Kyrgyzstan Laos Lebanon Lesotho Liberia Liechtenstein Madagascar Madeira Malawi Malaysia Maldives Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Melilla Mexico Moldova Monaco Mongolia Montenegro Montserrat / brit Morocco^HR Mozambique Namibia Nauru Navassa island Nepal New Caledonia New Zealand Niger (The) Nigeria Niue Norfolk Island North Macedonia Northern Mariana Islands Oman Palau Panama^HR Papua Papua New Guinea Paraguay Peru Philippines^HR Pitcairn / brit Puerto Rico Qatar Reunion Romania Rwanda S. Georgia & S. Sandwich Isl Saba Saint Barthelemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucie Saint Martin Saint Pierre and Miquelon Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal^HR Serbia Seychelles Sierra Leone Singapore Sint Eustatius Sint Maarten Solomon Island South Africa Sri Lanka St. Vincent and The Grenadines Sudan Surinam Svalbard and Jan Mayen / Norway Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Island / New Zealand Tonga Trinidad and Tobago^E Tunisia Turkey^F Turkmenistan Turks & Caicos Islands Tuvalu Uganda^HR Ukraine United Arabic Emirates^F Uruguay Uzbekistan Vanuatu^E Vatican City State Vietnam Wake island Wallis and Futana / France West Papua Zambia	Low Risk: Australia Austria Belgium Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Ireland Italy Latvia Lithuania Luxembourg Netherlands Norway Poland Portugal Slovakia Slovenia Spain Sweden Switzerland United Kingdom of Great Britain and Northern Ireland (the)

List of activities grouped according to the risk of money laundering a terrorism financing, determined by Bright Technologies s.r.o. for the needs of creation of client’s risk profile upon own risk assessment.
Within the determination of the client's risk profile from the ML-FT point of view, Bright Technologies s.r.o. additional individually determined areas of factors, which can potentially influence the form of the client's risk profile, both during the establishment of a business relationship and during it.The individual risk factors are the factors which are set within the own risk evaluation as per § 6 section a), 3. of the Regulation No. 67/2018 Coll. This annex stipulates own risk factors related to the subjective risk perception considering the activity of the client or legal entity in the client’s structure (hereinafter referred to as the “activity”).Bright Technologies s.r.o. uses four risk categories pertaining the aforementioned area - black list, high risk, medium risk and low risk. Pursuant to these categories, Bright Technologies s.r.o. hereby provides the list of activities, which can include the possible clients’ activities. The client's activity in a certain category affects the perception of his risk and may (but must not necessary) affect the final determination of the weight of a given factor in relation to the determination of his risk profile. In case the risk factor is already included within other list in relation with the need to stipulate the risk profile outside the own risk’s evaluation, the below-stated risk factors can be additional and could be repeatedly taken into account even outside the framework of their compulsory consideration.Stipulation of risk categories relating to the individually set risk factor is indicative, where the decisive is the final assessment of factor’s weight by the AML Officer and its further reflection on the final form of client’s risk profile. The designated categories are thus the starting point for the assessment of the client's riskiness by AML Officer in the context of other facts and factors.If the activity has the suffix "industrial", it means that the client's activity has the scope of a large company according to individually determined parameters (the company has more than 100 employees, more than 20 million EUR in assets, its turnover is 3 million EUR per month (40 million EUR per year), or similar criteria). To fulfill this condition the client must overdraft the limits of 2 criteria.

Category:
Black List Production or trade in any product or activity deemed illegal under host country laws or regulations or international conventions and agreements, including without limitation host country requirements related to environmental, health and safety and labor aspects; Weapon, drug, tobacco, adult Tobacco Growing Manufacture Wholesale and Retail Drug and pharmaceutical crops, related accessories (intoxicating substances), Pharmaceuticals and goods whose effect is doubtful. Growing Manufacture Wholesale and Retail Weapon Manufacture of weapons and ammunition Specialized retail sale of weapons and ammunition Pyrotechnics Weapon of mass destruction Cold weapon Ammunition Adult Any business relating to prostitution Outbound-Telemarketing Night clubs / Cabaret bars Debt collection agencies Church-like organizations or groups that do not have church status Charitable societies Chain letters High-risk telemarketing companies (horoscopes, predictions / forecasts of any kind) Timesharing Guarantees (long-term nature of contract makes risk difficult to calculate) Replicas Public administration and defense; compulsory social security Public administration and defense; compulsory social security Administration of the State and the economic and social policy of the community Activities of religious organizations Activities of political organizations	High Risk Sub-Acquiring / merchant aggregation Diamond trading, Jewel, Gem, Precious metal dealers, with license Alcohol (with license) Wholesale and Retail Adult Pornography with verification Dating Money exchange dealer, Forex/Binary Options (CFD) with license Gambling and betting activities with license Gambling and betting activities Lottery activities Organization of gambling games and betting Organization of other games of chance Poker Room Financial and insurance activities Financial service activities, except insurance and pension funding Insurance, reinsurance and pension funding, except compulsory social security Activities auxiliary to financial services and insurance activities Providing virtual assets services Virtual assets exchange Virtual assets trading Agriculture, forestry and fishing (industrial) Crop and animal production, hunting and related service activities Growing of non-perennial crops Growing of perennial crops Plant propagation Animal production Support activities to agriculture and post-harvest crop activities Hunting, trapping and related service activities Forestry and logging Silviculture and other forestry activities Logging Gathering of wild growing non-wood products Support services to forestry Fishing and aquaculture Marine fishing Marine aquaculture and Freshwater aquaculture Mining and quarrying (industrial) Mining of coal and lignite Extraction of crude petroleum and natural gas Mining of metal ores Other mining and quarrying Quarrying of stone, sand and clay Quarrying of ornamental and building stone, limestone, gypsum, chalk and slate Operation of gravel and sand pits; mining of clays and kaolin Mining support service activities Manufacturing (industrial) Manufacture of wood and of products of wood and cork, except furniture; manufacture of articles of straw and plaiting materials Manufacture of coke and refined petroleum products Manufacture of chemicals and chemical products Manufacture of basic pharmaceutical products and pharmaceutical preparations Manufacture of rubber and plastic products Manufacture of other non-metallic mineral products Manufacture of basic metals Manufacture of fabricated metal products, except machinery and equipment Manufacture of computer, electronic and optical products Manufacture of electrical equipment Manufacture of batteries and accumulators Manufacture of motor vehicles, trailers and semi-trailers Manufacture of other transport equipment Electricity, gas, steam and air conditioning supply (industrial) Production, Transmission or Distribution of electricity, gas, steam and air conditioning Water supply; sewerage, waste management and remediation activities (industrial) Water collection, treatment and supply Sewerage Waste collection, treatment and disposal activities; materials recovery Remediation activities and other waste management services Construction (industrial) Construction of buildings Development of building projects Civil engineering Demolition Human health and social work activities Hospital activities Medical and dental practice activities Other human health activities Social work activities without accommodation Real estate activities Renting and operating of own or leased real estate Real estate activities on a fee or contract basis Real estate agencies Activities of extraterritorial organisations and bodies Arts, entertainment and recreation Creative, arts and entertainment activities Libraries, archives, museums and other cultural activities Sports activities and amusement and recreation activities Other service activities Activities of membership organizations Activities of business, employers and professional membership organizations Activities of trade unions	Medium Risk Wholesale and retail trade; repair of motor vehicles and motorcycle Wholesale and retail trade and repair of motor vehicles and motorcycles Sale of motor vehicles Maintenance and repair of motor vehicles Sale of motor vehicle parts and accessories Sale, maintenance and repair of motorcycles and related parts and accessories Wholesale trade, except of motor vehicles and motorcycles Wholesale on a fee or contract basis Wholesale of agricultural raw materials and live animals Wholesale of information and communication equipment Other specialized wholesale Accommodation Hotels and similar accommodation Holiday and another short-stay accommodation Camping grounds, recreational vehicle parks and trailer parks Other accommodation Information and communication Publishing activities Publishing of books, periodicals and other publishing activities Motion picture, video and television programmed production, sound recording and music publishing activities Motion picture, video and television programmed activities Motion picture, video and television programmed production activities Motion picture, video and television programmed post-production activities Sound recording and music publishing activities Information service activities Data processing, hosting and related activities; web portals Professional, scientific and technical activities Legal activities Accounting, bookkeeping and auditing activities; tax consultancy Activities of head offices; management consultancy activities Management consultancy activities Public relations and communication activities Architectural and engineering activities; technical testing and analysis Design and construction activities Geodesic activities Geological exploration and prospecting Technical testing and analysis Scientific research and development Advertising and market research Administrative and support service activities Rental and leasing activities Employment activities Travel agency, tour operator reservation service and related activities Security and investigation activities Education Pre-primary education Primary education Secondary education Higher education Other education Ticketing Traveling Air Railways Buses Taxis Transportation Concerts Cinema Events	Low Risk Retail Food Restaurants manufacturing (not industrial) medium risk activities with monthly turnover less than 5000 EUR/month Person using service for personal goals (e.g., investments in virtual assets) Other

Last amended on January 22th, 2024