2. RULES AND MECHANISMS OF СOOPERATION OF DIGITAL ASSET SERVICE PROVIDERS WITH SECOND-TIER BANKS OF THE REPUBLIC OF KAZAKHSTAN
2.1. Opening of bank accounts by second-tier banks of the Republic of Kazakhstan
2.1.1. Within the framework of interaction second-tier banks of the Republic of Kazakhstan:
a) open one or several bank accounts for Digital Asset Service Providers authorised in the AIFC in accordance with the legislation of the Republic of Kazakhstan.
b) ensure control over Clients deposits and withdrawals of money for the purposes of Clients transactions with Digital Assets, customer due diligence and compliance with anti-money laundering and countering the financing of terrorism (AML/CFT) requirements, including identification and suspension of suspicious transactions.
c) ensure effective AML/CFT monitoring in particular in case of Clients of Digital Asset Service Providers depositing their bank accounts with money.
2.1.2. A bank shall assess the ML/TF risk of the Digital Asset Service Provider. If a Digital Asset Service Provider is assigned a high level of ML/TF risk, a bank shall apply enhanced customer due diligence measures and shall be responsible for the following when carrying out banking operations:
a) assessing the extent to which the services (products) provided by the Digital Asset Service Provider are exposed to ML/TF risks;
b) conducting due diligence procedures when establishing a business relationship, which include, in addition to the due diligence measures provided for Clients, obtaining and recording information about the reputation and nature of the Digital Asset Service Provider's business and measures taken against it by the Astana Financial Services Authority;
c) termination of business relationships with the Digital Asset Service Provider in cases where a bank has detected the facts of the use by the Digital Asset Service Provider of accounts held in a Shell Bank;
d) refusal to establish or termination of business relationships with a Digital Asset Service Provider whose founders are registered in a foreign country which is:
I. included in the list of states (territories) that do not or insufficiently implement the recommendations of the Financial Action Task Force (FATF) compiled by the authorised financial monitoring body;
II. subject to international sanctions under the United Nations Security Council resolutions;
III. included in the list of offshore zones in accordance with the Decree of the Management Board of the Agency of the Republic of Kazakhstan on Regulation and Development of Financial Market dated 24 February 2020 № 8 "On the establishment of the List of offshore zones for the purposes of banking and insurance activities, activities of professional participants of the securities market and other licensed activities on the securities market, activities of joint stock investment funds and activities of organisations engaged in microfinance activities", registered in the Register of state registration of regulatory legal acts under №20095;
IV. identified by the bank as posing a high ML/TF risk based on other factors (information on the level of corruption, illegal production, trafficking and/or transit of drugs, information on support for international terrorism, and others).
e) monitoring and examining transactions with the Digital Asset Service Provider's money, as well as preventing illegal withdrawal of funds abroad, including to offshore zones;
f) taking measures set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing in case of detection of suspicious transactions with money and (or) other property (hereinafter – “suspicious transactions”);
g) termination of business relationships with the Digital Asset Service Provider in cases set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing;
h) ensuring that the Source of Funds of the Digital Asset Service Provider is verified when depositing a bank account;
i) ensuring that records of money transactions are kept, and the information is provided to the authorised financial monitoring body;
j) ensuring that documents, data and/or information obtained and collected as part of the due diligence of the Digital Asset Services Provider are retained for at least five years;
k) verification of affiliation and (or) involvement of the Digital Asset Service Provider and its beneficial owner with a politically exposed person, his/her spouse and close relatives in cases established by the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing;
l) submission of necessary information to the authorised financial monitoring body in case of detection of suspicious transactions within the period of time set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction legalisation (laundering) of proceeds of crime or financing of terrorism;
m) a bank must conduct enhanced customer due diligence measures with respect to the bank's Clients conducting occasional banking transactions with the Digital Asset Services Provider when a transaction amount equals to or exceeds USD 1,000 (one thousand) in equivalent at the market foreign exchange rate on the date of the banking transaction, and shall be responsible for:
i. ensuring verification of the Source of Funds of the bank's Clients in case of making transfer in favour of a Digital Asset Service Provider carrying on an activity of Operating a Digital Asset Trading Facility;
ii. taking measures set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction legalisation (laundering) of proceeds of crime and financing of terrorism in case of detection of suspicious transactions;
iii. monitoring and examining operations with the bank's Clients' money, as well as preventing illegal withdrawal of funds abroad, including to offshore zones;
iv. termination of business relationships with the bank's Clients in cases provided under the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing.
A bank shall ensure that the Сlients comply with the limits established by the Rules of formation of risk management and internal control system for second-tier banks, branches of non-resident banks of the Republic of Kazakhstan, approved by the Decree of the Management Board of the National Bank of the Republic of Kazakhstan dated 12 November 2019 № 188 in respect of various categories of Clients on operations with Digital Assets.
n) When opening a bank account to service Clients transactions, a Digital Asset Services Provider shall submit the following documents:
i. a Digital Asset Services Provider’s licence issued by the Astana Financial Services Authority;
ii. an extract from the register confirming the registration of a Digital Asset Service Provider as a Centre Participant;
iii. a Digital Asset Services Provider’s business plan and business model;
iv. a Digital Asset Service Provider's policy on combating ML/TF;
v. order on the appointment of the Chief Executive Officer of a Digital Asset Service Provider;
vi. information on the executive body of a Digital Asset Service Provider and its Chief Executive Officer (identity document, proof of residence, letters of recommendation, information on the absence of an outstanding or unexpunged criminal conviction).
o) Effective internal control is ensured by forming appropriate management controls and a control culture (control environment).
p) Management control and control culture (control environment) characterise the general attitude, awareness and practical actions of the bank's board of directors and management board aimed at the establishment and effective functioning of the internal control system.
2.2. Requirements to bank accounts of a Digital Asset Service Provider
2.2.1 Following is used to open bank accounts to service the Clients’ transactions of a Digital Asset Service Provider:
a) documents required by the Rules of formation of risk management and internal control system of second-tier banks, branches of non-resident banks of the Republic of Kazakhstan, approved by Decree of the Management Board of the National Bank of the Republic of Kazakhstan No. 188 dated 12 November 2019;
b) documents required by the Rules of internal control for the purposes on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing and financing the proliferation of weapons of mass destruction for second-tier banks, branches of non-resident banks of the Republic of Kazakhstan and National postal operator, approved by the Decree of the Management Board of the Agency of the Republic of Kazakhstan on Regulation and Development of Financial Market No.18 dated 22 March 2020;
c) documents required by the Rules of opening, maintenance and closing of clients' bank accounts approved by the Decree of the Management Board of the National Bank of the Republic of Kazakhstan No.207 dated 31 August 2016 and bylaws of second-tier banks of the Republic of Kazakhstan.
2.2.2 A Digital Asset Service Provider opens bank accounts in one or several second-tier banks of the Republic of Kazakhstan to hold Сlients money in national, or foreign currency.
2.2.3 Digital Asset Service Providers shall hold Сlients money and its own money in separate accounts.
2.2.4 When depositing bank accounts in accordance with the requirements of legal acts indicated in rule 2.2.1 above, to service Client transactions of a Digital Asset Service Provider, second-tier banks of the Republic of Kazakhstan shall develop effective mechanisms of carrying out verification of Client funds.
2.2.5 Clients of a Digital Asset Services Provider are prohibited to carry out following transactions:
a) Third-party deposits and withdrawals (deposits and withdrawals can only be made from the Сlients’ own bank account or Virtual account with confirmation from the servicing bank that the bank account and Virtual account belong to this person); and,
b) withdrawal of fiat (money) from the Virtual account to the bank account of third persons.
2.2.6 A Digital Asset Service Provider shall ensure compliance with the requirements of rule 2.2.5 in cooperation with the second-tier bank of the Republic of Kazakhstan, with which a Digital Asset Service Provider has opened a bank account.
2.2.7 A Digital Asset Service Provider shall transfer funds from its Client bank account(s) opened with a second-tier bank of the Republic of Kazakhstan to its Client's bank account (when withdrawing by him/her money from a Digital Asset Service Provider) only after the second-tier bank of the Republic of Kazakhstan confirms that this bank account belongs to the Client.
2.2.8 The exchange of information between a Digital Asset Service Provider and a second-tier bank of the Republic of Kazakhstan shall be conducted on the basis of an agreement(s).
2.2.9 A Digital Asset Service Provider shall keep records of the Clients Money of the Digital Asset Service Provider through individual Virtual accounts. Such accounts shall be used to record fiat funds (money) transactions of the Digital Asset Service Provider’s Clients. If technically possible, the Digital Asset Service Provider may operate without keeping records of Clients Money through Virtual Accounts.