1. Preamble

This document outlines the KYC policy of Cofi Money a brand name of The Stoa Corporation Ltd (also referred to as “we”, “our/ours”, “us”), designed to prevent, and mitigate risks associated with money laundering, terrorist financing, fraud, and other criminal activity in accordance with German and European Union regulations.

This includes the creation and updating of appropriate business and customer-related safeguards, the implementation of controls and the appointment of an anti-money laundering and fraud prevention officer, who is directly subordinate to the management and responsible for implementing the regulations on combating and preventing money laundering, terrorist financing and fraudulent activities.

Responsible at management level is Mike Saraswat (also referred to as “Responsible Managing Director”).

2. Scope and Objective

This policy applies to all customers and users of Cofi Money.

3. Customer Identification

Prior to accessing our services, each customer must undergo a verification process and provide:
  • Full legal name
  • Date of birth
  • Place of birth
  • Nationality
  • Residential address
  • Proof of identity (such as a valid passport or German ID card)
  • Proof of residence (such as a utility bill or rental agreement)
  • Wallet address
  • Source of funds
  • Any additional information deemed necessary by Stoa or regulatory bodies
Stoa may use reliable third-party or public databases for verification purposes. Our KYC partner is Sum and Substance Ltd. (also referred to as “KYC Partner”).

4. Customer Due Diligence

Customer Due Diligence measures will be undertaken for all customers. Enhanced Due Diligence measures may be applied in cases involving higher risk, such as customers involved in complex, unusually large transactions, or unusual patterns of transactions that have no apparent economic or visible lawful purpose.

4.1 General Due Diligence Obligations

We must always fulfil general due diligence obligations regarding our customers. These are used to create customer profiles, based on which we can assess the risk of money laundering or terrorist financing in relation to the respective customer. To this end, we take the following measures via our KYC Partner before establishing a business relationship:
  • Identification of the contractual partner as well as the person acting on behalf of the contractual partner, if any, (including checking whether this person is entitled to do so);
  • Clarification as to whether the contractual partner is acting on behalf of a beneficial owner, including, if applicable, his identification;
  • Clarification of whether the contractual partner is a "politically exposed person" (PEP), a family member or a known close person.
The data is collected via our KYC Partner and is then forwarded to us.

Based on the customer profile created in this way, we carry out a risk assessment, as the scope of the measures to be implemented by us to prevent money laundering or terrorist financing.

As part of the ongoing business relationship, we take the following measures:
  • Continuous monitoring of the business relationship and transactions to ensure that they are consistent with the available information and the customer profile;
  • Periodic updating of documents, customer data and information within risk-based defined time windows or in the event of changes in the circumstances of the respective customer.
Important note:
If the general due diligence obligations cannot be fulfilled in accordance with the aforementioned regulations, e.g., because no or unsuitable documents are submitted or information is refused, the business relationship may not be established or continued and no transaction may be carried out. Any doubts must be clarified with the Responsible Managing Director.

4.2 Enhanced Due Diligence

In addition to the general due diligence obligations, increased due diligence obligations must be fulfilled if we determine a higher risk of money laundering or terrorist financing.

5. Record Keeping And Retention

5.1 Record Keeping

In addition to the general due diligence obligations, increased due diligence obligations must be fulfilled if we determine a higher risk of money laundering or terrorist financing.
We must record and store the following:
  • the data collected and information collected for the fulfillment of due diligence obligations;
  • about the contractual partner, any persons acting on his behalf and, if applicable, beneficial owners;
  • the measures taken to identify the beneficiary;
  • determining the scope of the measures taken to comply with the general due diligence requirements;
  • to identify a higher risk that additionally requires enhanced due diligence.

5.2 Internal Implementation

The collection of all relevant data is carried out by our KYC Partner and is then provided to us.

5.3 Retention

The documents can be kept in paper form in our customer files. If an audit-proof document management system is used and archiving on a durable data carrier is guaranteed, the documents can alternatively be stored in electronic form.

The records and other supporting documents referred to above shall be retained for a period of five years. After expiry of the period, the records and receipts must be destroyed, unless other statutory provisions provide for a longer recording and retention period. In any case, the records and other supporting documents must be destroyed after ten years at the latest.

If one of our employees has doubts about the duration of the obligation to retain a document, the Responsible Managing Director must be consulted. The disposal of documents without a clear expiry of the retention period is not permitted.

6. Reporting Of Facts

6.1 Notifiable Facts

6.1.1 What Are The Reportable Issues?
Notifiable facts include:
  • suspicion of acts for the purpose of money laundering;
  • suspicion of a connection with terrorist financing;
  • the suspicion of criminal acts committed by our institute;
  • the failure of a contractual partner to indicate whether it is acting on behalf of a beneficial owner.
6.1.2 What Is Money Laundering?
Acts for the purpose of money laundering are all actions that could serve to introduce illegal money, securities and other objects with asset value (e.g., jewelry, cars, works of art) into the legal financial cycle. Illegal money is:
  • either illegally earned, i.e., the result of illegal activities;
  • or has been legally operated, but is intended to finance illegal activities;
  • or both
Illegal activities are all criminal acts within the meaning Section 261 of the German Penalty Code, including
  • tax evasion;
  • trafficking in drugs, weapons or human beings;
  • robbery or extortion;
  • smuggling or corruption.
6.1.3 What Is Terrorist Financing?
A connection with terrorist financing exists when financial resources are made available or collected to finance or support terrorist groups or acts.
6.1.4 What Is Meant By Criminal Acts?
Criminal offenses are all intentionally committed criminal offenses that could lead to a material threat for us. These can be committed from the outside (customers, business partners, competitors) or from the inside (employees, board of directors/managing directors, supervisory board, shareholders/partners). Criminal acts in this sense include:
  • Fraud;
  • Theft, embezzlement, robbery, predatory extortion;
  • Corruption (acceptance of benefits, bribery);
  • Bankruptcy or tax offenses;
  • Competition crimes, spying or interception of data, identity theft.
6.1.5 What Is Meant By Beneficial Owners Or Notional Beneficial Owners?
Beneficial owners are natural persons,
  • Owned or controlled by the other party;
  • At the instigation of which an action is carried out or a business relationship is established.
In the case of legal entities, e.g., limited liability companies, these are shareholders who directly or indirectly hold more than 25% of the shares/voting rights or exercise control in a comparable manner.

Indirect control exists when corresponding shares are held by one or more legal persons controlled by a natural person. Control occurs when the natural person can directly or indirectly exercise a dominant influence over the legal person.

In the case of foundations or trust assets, these are settlors, administrators, board members, beneficiaries or other persons who could exert influence.
6.1.5 When is there a reporting obligation?
There is an obligation to report if there are facts that indicate that money, terrorist financing or a criminal offense has been or is being attempted. In this case, there must be at least concrete, objectively recognizable indications, whereby a suspicious fact is sufficient. External information (e.g., press releases, information from supervisory or law enforcement authorities) as well as internal company findings can serve as indications.

In addition, if a contractual partner does not fulfill its obligation, there is an obligation to disclose to us whether it intends to establish, continue, or carry out the business relationship or transaction for a beneficial owner.

6.2 Reportable Matters

If there are indications of reportable fact, e.g.
  • When establishing a business relationship with a customer;
  • In the ongoing monitoring of the business relationship;
  • When executing or initiating a transaction
The employee must immediately report this to the Responsible Managing Director. This also applies if the facts of the case subsequently become apparent. The notification must already be made in cases of doubt.

The report must be made in writing or by e-mail, stating the indications. Facts reported verbally or by telephone must be documented in writing or by e-mail. Precautions have been taken to ensure that an employee can submit the report while maintaining the confidentiality of his or her identity.

6.3 Execution Ban

The Responsible Managing Director shall, immediately after filing a complaint.
  • The employee who reported the facts;
  • The responsible account manager, insofar as this person is not identical with the reporting employee;
  • As well as other persons who may be involved in a transaction in connection with this matter
To inform about the complaint. Contractual partners, clients or other third parties must not be informed.

Subsequently, the customer advisor may not execute the proposed transaction that led to the report until the money laundering and fraud prevention officer has given his consent.

An exception to the execution ban exists if it is not possible to postpone the transaction or if the postponement would impede the prosecution of the beneficiaries of the alleged money laundering or terrorist financing.

The decision as to whether there is an exception to the execution ban is the sole responsibility of the Responsible Managing Director.

6.4 Prohibition Of Disclosoure Of Information

Neither the respective customer nor a third party may be informed of the filing of a complaint.

7. Data Protection And Privacy

Stoa respects customer privacy and will manage personal data in accordance with the German Federal Data Protection Act (Bundesdatenschutzgesetz), the EU General Data Protection Regulation (GDPR), and Stoa's privacy policy.

8. Employees

All employees are checked for reliability before they are hired. Employees of Stoa will receive regular training to understand KYC policies and procedures and the laws pertaining to them. Participation in the training courses is mandatory. Any employee who does not comply with this policy may face disciplinary action.

9. Cooperation With Regularity Authorities

Stoa will cooperate fully with regulatory authorities, including the German Federal Financial Supervisory Authority (BaFin), as part of our legal and regulatory obligations.

10. Policy Review And Updates

This policy will be reviewed at least annually, and as required by changes in legislation or the nature of Stoa's operations. Any updates will be communicated to customers as required by law.