AML Policy 1.1. Company Binaryx OÜ, a limited company registered in Estonia under registry code 14819844, whose registered address is Männimäe /1, Pudisoo küla Kuusalu vald Harju maakond, 74626, Estonia (hereinafter – Binaryx) is a cryptocurrency exchange. 1.2. Binaryx shall comply with the requirements contained in the Estonian Money Laundering and Terrorist Financing Prevention Act dated by 26.10.2017, as well as the requirements of other laws and regulations to the extent in which they relate to the Binaryx’s operations, including the FinCEN requirements, the requirements set forth by the Office of Foreign Assets Control (OFAC), US Patriot Act, AML Directives of the EU. 1.3. Binaryx shall strictly adhere to the policies and procedures outlined in this document (hereinafter – the Policy). 1.4. Binaryx develops this Policy, introduces amendments and additions to it at its own discretion, and oversees compliance with its provisions and requirements. 1.5. The current version of the Policy is always available on the Site. 1.6. The User shall read the Policy prior to accepting the Binaryx User Agreement. The User’s acceptance of the Binaryx User Agreement, as well as using the Site, the User making transactions, shall signify the User’s acceptance of all provisions of the current version of this Policy. COMPLIANCE OFFICER 2.1. The management board of Binaryx appointed an Сompliance officer. 2.5. The functions of the Compliance officer are as follows: 2.5.1. organization of collection and analysis of information referring to unusual transactions or transactions suspected of money laundering or terrorist financing in the activities of the Binaryx (collection of information means collection of any and all suspicious or unusual notices received from the employees, contractual partners and agents of Binaryx, and systemizing and analysis of the information contained in them); 2.5.2. reporting to the Financial Intelligence Unit (hereinafter the FIU) in the event of suspicion of money laundering or terrorist financing (notice being given in the manner agreed with the FIU); 2.5.3. periodic submission of written statements on implementation of the rules of procedure to the management board of Binaryx; and 2.5.4. performance of other obligations related to the fulfilment of the requirements of the Money Laundering and Terrorist Financing Prevention Act by the financial institution including instructing and training employees and applying respective control mechanisms. 2.6. The Compliance officer has access to the information forming the basis or prerequisite for establishing a business relationship, including any information, data or documents reflecting the identity and business activity of the User. CUSTOMER IDENTIFICATION 3.1. The Know-Your-Customer principle is followed upon User identification. This principle means that the operating profile, purpose of operation, beneficial owner of the person as a potential customer and, if necessary, the source and origin of the funds used in the transactions and other similar information essential for the establishment of a business relationship shall be identified in addition to the person. Upon making transactions, the customer shall be identified and the compliance of transactions shall be assessed based on the customer’s main fields of activity and prior payment behaviour. 3.2. In line with the risk-based approach, Binaryx shall choose, among other things, the suitable scope of the KYC principle. 3.3. Binaryx shall identify User and the beneficial owner within a reasonable period of time prior to the commencement of the steps for entry into a long-term contract or while entering into the contract. 3.4. Any information and documents concerning establishment of identity shall be preserved in a manner making it possible to respond fully and without unreasonable delay to relevant enquiries from the FIU, investigating body, court or supervision authority. To this end, Binaryx shall set up a system enabling, in view of the characteristics of its activities, the prompt retrieval from databases and documents of the required information or document concerning identification of the customer or person participating in the transaction. 3.5. For the purposes of Customers’ identification, Binaryx requests the following documents: To verify a personal account: proof of identity (passport, driver’s license, national identity card);proof of address not older than 3 months (bank statement, utility bill); To verify a business account: all the documents specified to verify a personal account;incorporation documents for a company, including:state registration certificate (certificate of incorporation);company’s charter;articles of Incorporation (if available);document confirming the powers and authority of the person authorized to act on Binaryx’s behalf, f.i., register of directors, resolution of members, power of attorney, etc. 3.6. After carrying out the identification procedures pertaining to a User, Binaryx stores the information obtained in this User’s file. Binaryx is under obligation to carry out the identification procedures pertaining to a User once. 3.7. Binaryx is committed to protecting Users’ rights and the confidentiality of their personal data. Binaryx collects personal information from Users only to the extent necessary to ensure the Binaryx’s properly providing services to User. Such personal information about Users and former Users may be disclosed to third parties only in a limited number of circumstances, in accordance with the applicable laws and agreements between Binaryx and the User. 3.8. Binaryx shall carefully maintain Users’ files, including statements, transaction reports, receipts, notes, internal correspondence, and any other documents related to the User both in the electronic and paper format for a period of at least 5 (five) years from the date of the relevant transaction. POLITICALLY EXPOSED PERSONS 4.1. Binaryx established internal procedures in order to decide whether a potential User or its beneficial owner is a politically exposed person of a contracting state of the European Economic Area or third country, a domestic politically exposed person or a person who is or has been entrusted with a prominent function by an international organisations. 4.2. Binaryx shall identify the close associates and family members of politically exposed persons only if their link to a person carrying out significant duties of public authority is known to the public or if Binaryx has reason to believe that such a link exists. 4.3. With regard to politically exposed persons, Binaryx shall take the following measures in addition to relevant customer due diligence measures: request the required information from the User, incl. take immediate measures to identify the sources of wealth and funds used in the framework of the business relationship or transaction;collect data or make an enquiry with the respective databases or public databases;make an enquiry or verify information on the webpages of the relevant supervision authorities or institutions in the country of location of the customer or person. 4.5. The establishment of a business relationship with a politically exposed person shall be decided by the management board of the politically exposed person or the person(s) authorised by the management board. If a business relationship with a customer has been established and the customer or the beneficial owner later proves to be or becomes a politically exposed person, the management board (or persons authorised by the management board) shall be informed. 4.6 Binaryx shall exercise regular enhanced supervision in business relationships established with a politically exposed person (except in cases provided by law). 4.7. Regular supervision shall also be exercised by Binaryx after a politically exposed person has ceased to be a politically exposed person if Binaryx feels, based on the risk-based approach, that the person still entails a higher risk. SPECIFIC ISSUES CONCERNED WITH IDENTIFICATION 5.1. Identifying of beneficial owner of individual 5.1.1 Upon identifying an individual, Binaryx shall, in the event of doubt, also identify the beneficial owner of the individual, i.e. the person who controls the actions of the individual. 5.1.2. A doubt about the existence of a beneficial owner may arise, above all, if Binaryx perceives, upon applying customer due diligence measures, that the individual has been swayed to establish the business relationship or enter into the transaction. In such an event the person who exercises control over the individual shall be deemed the individual’s beneficial owner. 5.1.3. It shall be taken into account that the scope of customer due diligence, including upon identifying the beneficial owner, is related to the risk of money laundering and terrorist financing, which depends on the type of customer, its country of origin, business relationship, product, service or transaction. 5.2. Civil law partnerships and other contractual associations 5.2.1. Upon identification of civil law partnerships, all of the members of the partnership or their representatives shall be identified on the grounds applicable to individuals. The beneficial owners of the partnership shall be identified. 5.2.2. In the case of civil law partnerships, the purpose of their activity and, if necessary, the origin of the funds used shall be identified. Thereby one may rely, among other things, on clarifications and statements given by the representative of the partnership. Binaryx shall make sure that the use of funds by the partnership corresponds to the purposes of activity declared by it previously. 5.2.3. Data of the members of the partnership and their representatives shall be preserved and regularly updated. 5.3. General requirements regarding identification of legal entity upon establishment of business relationship 5.3.1. The business name, registry code, seat and place of business, information about the legal form, passive legal capacity, representatives (legal representatives and those authorized to represent the legal entity in relations with Binaryx) and beneficial owners shall be identified upon identifying legal entities. The operating profile, business partners, purpose of operation, purpose of establishment and characteristics of business relationships and other similar information required for the establishment of business relationships shall be identified as well. 5.3.2. Upon determining the seat of a legal entity, both the theory of the country of foundation as well as the theory of the seat shall be used to identify whether the legal entity may involve country and geographical risks. 5.3.3. The place of business of a legal entity shall be determined on the basis of factual circumstances, i.e. where production is based or a service is provided. 5.3.4. The identification and verification of the identity and passive legal capacity of a legal entity shall be carried out, as a general rule, on the basis of the information contained in the commercial register (in Estonia) or another equivalent register or a copy of the registration certificate or an equivalent document (for instance, in countries where there is no national register, foundation documents certified by a notary are considered equivalent) submitted in accordance with the procedure provided by law. Documents issued by a register or their equivalents shall have been issued no earlier than 6 months prior to their submission to Binaryx. 5.3.5. Documents issued in a foreign state shall be legalized or apostilled, i.e. in order to use an official document issued in one country in another, an internationally recognized certificate of the authenticity of the document is given in another. 5.3.6. Documents issued by Lithuanian, Latvian, Polish, Ukrainian or Russian authorities and officials do not require legalization or an apostille. 5.3.7. To be legalized, a document shall go through the legalization authorities of the issuing state as well as those of the receiving state (usually, foreign ministries). 5.3.8. Upon identification, legal entities are not required to submit an extract of their registry card if Binaryx has access to the required extent via the computer network to the data in the commercial register or register of non-profit organizations and foundations (including access to data in respective registers in the foreign country). 5.3.9. Upon identification of a legal entity, Binaryx is required to register the names of the executive of the legal person or members of its management board or another body substituting for it, their powers in representing the legal entity and the principal field of activity of the legal entity. If the aforesaid details are not indicated by the register extract or another relevant document, the relevant information shall be obtained by using other documents and/or reliable sources of information. 5.3.10. The need for use, the criteria of use and/or the list of reliable sources of information shall be specified by Binaryx (e.g. information issued by national registers, public authorities, credit institutions, foreign missions of the Republic of Estonia and foreign missions in Estonia may be used). 5.3.11. Binaryx shall identify the existence of politically exposed persons related to the legal entity. If no respective links appear in the information about a politically exposed person obtained from the representative of the legal entity, an enquiry shall be made with the respective databases in the event of suspicion. 5.3.12. In the case of international organizations, the documents serving as the basis for their activities (including in Estonia) shall be determined and the submission of relevant documents shall be requested. If necessary, information required for the establishment of the business relationship which is contained in the documents shall be verified. 5.4. Agency 5.4.1. Binaryx shall verify if the person is acting on their own behalf or on behalf of another (natural or legal) person. If the person is acting on behalf of another person, Binaryx shall also identify the person on behalf of whom transactions are performed. 5.4.2. Documents required to identify a legal entity shall be submitted by the legal representative or authorized representative of the entity. Binaryx shall make certain that the right of representation complies with legislation. If the submitted documents do not indicate the right of representation of the individual submitting them and/or the authority is not compliant, the identification process (and thus also the establishment of the business relationship or performance of the transaction) cannot be continued. 5.4.3. Binaryx shall identify the basis, scope and term of the representative’s right of representation. The representative shall be asked to submit a document proving the right of representation. Further attention shall be paid to the verification of the identity and right of representation of authorized representatives operating or residing in a jurisdiction different from the legal entity’s jurisdiction or whose rights of representation are valid for more than a year. 5.4.4. Clarification shall be sought on the scope of the right of representation granted to the authorized representative (for instance, whether a one-off transaction or recurring transactions over a certain period are involved). Binaryx shall take notice of the terms of the right of representation granted to the authorized representative and provide services only to the extent of the right of representation. 5.4.5. Under subsection 5 of § 22 of the Money Laundering and Terrorist Financing Prevention Act, Binaryx has the right to request that the representative of a legal entity of a foreign country submit documents proving their right of representation, notarised or certified in an equivalent manner and legalized or certified with an apostille, unless provided for otherwise in an international agreement. 5.4.6. Upon handling the right of representation of authorised and legal representatives, it shall be made certain whether the representative knows their customer. To identify the true nature of the relationships between the representative and the represented, the representative shall know the substance and purpose of the declarations of intent by the represented party and be able to answer other relevant questions about the seat of operations, fields of activity, sales and transaction partners, other related persons and beneficial owners. In addition, the representative shall confirm with their signature that they are aware and convinced of the source and legal origin of the funds used in the transaction of the represented entity. 5.5. Identification of beneficial owner of a legal entity 5.5.1. Upon the identification of a legal entity, Binaryx shall register the beneficial owner of the entity. 5.5.2. In a situation where no person holds or identifiably controls more than 25%, the circle of beneficial owners will be identified pursuant to the principle of proportionality, according to which information shall be requested about the shareholders, partners and other persons who exercise control or other significant influence over the activities of the legal entity. 5.5.3. If the identification documents of a legal entity or other submitted documents do not indicate the beneficial owner of the entity, the relevant information (including information about membership of the group of companies and the ownership and management structure of the group of companies) shall be registered on the basis of the statements or a handwritten document of the representative of the entity. 5.5.4. In order to verify information identified on the basis of statements or a handwritten document, reasonable measures shall be applied (e.g. the filing of a query with relevant registers) and the submission of the annual report or another relevant document of the legal entity shall be requested. 5.5.5. Binaryx may use a risk-based approach and take sufficient measures to verify the identity of the beneficial owner with the aim of making certain as to whom the beneficial owner in the business relationship or transaction is. With respect to compliance with this requirement, Binaryx is left with several options in order to decide: the extent to which public information about shareholders or members will be used; the extent to which relevant information will be requested orally or to record obtained information in writing or in a form that can be reproduced in writing; in which cases the customer will be asked to complete a respective questionnaire; or what other options can be used and are practicable in the event of Binaryx. 5.5.6. It shall be taken into account that the scope of customer due diligence with respect to the customer (incl. identification of the beneficial owner) is related to the risk of money laundering and terrorist financing, which depends on the type of customer, their country of origin, business relationship, product, service and transaction. 5.5.7. Higher attention shall be paid to companies founded in territories with a low tax rate, whose beneficial owners are often difficult to identify. 5.5.8. Binaryx can consider a person who exercises control in another manner, without having a 25% shareholding in Binaryx, as the beneficial owner. This situation arises when Binaryx suspects that a third party whose links to a company cannot be legally proven or are difficult to prove the exercises of control over management of a legal person. 5.6. Requirements for identification of non-resident legal entities 5.6.1. In the event of the identification of legal entities that are non-residents, Binaryx shall comply, to the greatest extent possible, with the same requirements as in the event of customers that are residents, taking into account the specifications arising from the country of origin and legal form of the non-resident customer. Due to differences in legal regulations in different countries, the rules of procedure of Binaryx shall also set out detailed requirements and guidelines for the identification of the passive legal capacity of the legal entity by means of other documents and/or reliable information sources. 5.6.2. Upon identifying the passive legal capacity of a non-resident legal entity and handling documents certifying the powers of representatives, it shall be verified whether the documents meet the requirements established in Estonian legislation with respect to legalisation of foreign documents. 5.6.3.Due to differences in legal regulation in different countries, Binaryx shall pay attention, above all, to companies founded in countries or territories with a low tax rate, because it is not always abundantly clear whether they have passive legal capacity. In many countries, the standards for identifying a customer and registration and preservation of documents are lower than in Estonia, as a result of which particular attention shall be paid to the content of the documents of the companies registered in such countries and to the manner of their submission. 5.6.4. Particular attention shall be paid to information and documents submitted in the case of persons whose country of origin is on the FATF’s list of countries that do not contribute sufficiently to the prevention of money laundering. Binaryx shall avoid business relations with persons whose place of residence or location is in the country listed by FATF high risk and non-cooperative countries. That list can is defined at: http://www.fatf-gafi.org/countries/#high-risk . 5.6.5. In the event of foreign-language documents, Binaryx is entitled to request a translation of the documents into a language understood by it. The use of translations should be avoided in a situation where the original documents have been prepared in a language understood by Binaryx (e.g. the translation of English-language original documents into Russian). 5.7. General requirements regarding the application of customer due diligence measures upon execution of transactions 5.7.1 In addition to the establishment of a business relationship, customer due diligence measures shall also be taken if: 5.7.1. in the event of any kind of transaction, incl. in the event of an offer made in the course of provision of a counselling service whose price exceeds the limit specified in the Money Laundering and Terrorist Financing Prevention Act. Thereby it is irrelevant whether the pecuniary obligation is performed by means of cash or cashless settlements; 5.7.2. the amount of a single transaction or the total amount of consecutive transactions exceeds the limit provided by law (or the internal procedure rules of Binaryx). The obligation shall be performed upon occasional transactions made by a non-customer; 5.7.3. Binaryx has doubts about the correctness or sufficiency of the data collected upon establishment of the business relationship and if the actions of the other party are not ordinary or transparent as well as if Binaryx suspects money laundering or terrorist financing; and 5.7.4. Binaryx does not suspect money laundering or terrorist financing for the purposes of subsection 1 of § 49 of the Money Laundering and Terrorist Financing Prevention Act and does not have the reporting obligation for the purposes of subsection 3 of § 49 of the Money Laundering and Terrorist Financing Prevention Act, but the transaction is complex and extraordinarily large or the transaction scheme is unusual and does not have an obvious economic or legal purpose. 5.7.2. Binaryx shall constantly assess changes in the customer’s operations and whether these may raise the risk level so that additional customer due diligence measures need to be taken. 5.7.3. The application of customer due diligence measures also calls for the existence of the respective monitoring systems whose purpose is to detect reaching the transaction limit or the existence of risk factors and inform the appropriate persons thereof for the purpose of identifying suspicious or unusual transactions. If Binaryx comes to suspect money laundering in the course of monitoring transactions, the FIU shall be informed thereof. 6. FOLLOWING TRANSACTIONS 6.1. The following of unusual and suspicious transactions is an important part of the set of customer due diligence measures applied by financial institutions and allows for the identification of circumstances that may point to money laundering or terrorist financing in the economic activities of customers. Also, the purpose of following a customer’s transactions is to identify transactions with subjects of international sanctions and politically exposed persons and detect and notify of transactions whose limit or other parameters exceed the prescribed value over a certain period of time. 6.2. Transaction-following measures can be divided into two. One can use measures which enable, based on parameters or features developed with the help of Binaryx’s prior work experience, transactions to be followed in real time as well as analysed afterwards. 6.3. Screening 6.3.1. In the event of following transactions in real time, customer executives or other employees observe, upon performing their duties, the customer’s behaviour and transactions with the aim of detecting unusual or suspicious transactions or transactions exceeding the prescribed limits. 6.3.2. Upon following transactions in real time, information technology tools which, using predefined parameters, select transactions made over a certain period shall be used. The screening parameters depend on information technology possibilities and established goals. What shall be identified is as follows: politically exposed persons involved in transactions; transactions with persons whose name, date of birth etc. match data disclosed in lists of persons subject to international sanctions; transactions with persons whose country of operation or origin is included on the list of higher (terrorist) risk countries; and persons whose transactions are subject to one-off temporary monitoring. 6.4. Monitoring 6.4.1. Default User have right to use only banking accounts opened in their name. In some cases User may use the banking account of a third party if there is a legal ground for it and provides all documents and information requested to Binaryx. 6.4.2. Binaryx shall analyze User previous financial transactions before entering in a deal with Binaryx if it is required and neсessary. 6.4.3. Upon monitoring transactions, measures shall be taken to verify the submission of information required about the payer upon money transfer, banking transfer. In order to help detect suspicious transactions, payment service providers should take measures to detect the absence of payer-related information in payment instructions. 6.4.4. With the help of monitoring systems, the recipient’s payment service provider shall check whether the reporting or payment and settlement system fields used for making the transaction have been filled with the symbols or input used in the reporting or payment and settlement system with regard to the information relating to the payer. 6.4.5. Using monitoring systems, payments with insufficient data about the payer (incl. the payer’s name, address and account number) shall be identified among the payments of the payment service provider of the payer. Thereby the payer’s address can be replaced with the payer’s date and place of birth, customer number or personal identification code, and if the payer does not have an account number, the payment service provider of the payer will replace it with a unique feature with the help of which the payer can be identified. 6.4.6. For the purpose of analysing transactions afterwards (monitoring), Binaryx can analyse transactions separated from the mass of transactions based on predefined parameters. Transactions it is not possible to interfere with during execution (e.g. transactions made via an ATM) are the main objects of monitoring. In addition, upon subsequent monitoring of transactions, the largest transactions based on the sum, currency and customer type over a certain period are analysed. A list of typical parameters on the basis of which transactions can be selected for monitoring is given below: single large international payments (e.g. whereby the sum ends with at least four zeros); international payments whose description contains the words „loan‟, „deposit‟, „payback‟ etc.; accounts (of individuals and legal entities) with the highest turnover in the period under review based on currencies (of individuals and legal entities); the largest transactions (of individuals and legal entities) in the period under review (of individuals and legal entities) based on different currencies; transactions made via an ATM which exceed a certain limit over the period under review; cash withdrawals in a bank branch based on currencies as well as individuals and legal entities which exceed a certain limit; single transactions that exceed the limit, which are made by customers whose turnover is small; sudden upsurge in turnover of holders of correspondent banks‟ VOSTRO accounts; transactions with persons whose country of operation or origin is on the list of higher (terrorist) risk countries; payments to high-risk countries; payments relating to risky banks; and transactions of specific customers or customer types. 6.4.7. If the payment service provider of Binaryx or affiliated person authorized to receive payments on behalf of Binaryx notes that the required information about the payer is missing or incomplete upon receiving a payment, the recipient shall refuse the transaction or request full information about the payer. 6.4.8. If a Useris regularly unable to give the requested information about the payer, Binaryx shall take measures which include giving warnings and setting time limits. Thereafter the recipient may refuse to enter into any transactions with the customer or limit or terminate the business relationships with the customer. The payment service provider of the recipient informs the FIU thereof. 7. RISK-BASED APPROACH 7.1. Binaryx shall recognize, assess and understand money laundering and terrorist financing risks in its own activities and in the activities of its Users and take measures to mitigate the risks. The applicable measures shall correspond to the identified risk level. 7.2. In the event of the risk-based approach, Binaryx shall assess the probability of the realization of risks and what the consequences of their realization are. Upon assessment of probability, the chance of an increase in the threat and the possibility of occurrence of the respective circumstances shall be taken into account, e.g. the possible threats that may influence the activities of the User and the service provider shall be taken into account. 7.3. Binaryx shall take all customer due diligence measures. The scope of taking the measures depends on the characteristics of the given business relationship or the risk level of the person or customer participating in the transaction or official act; thereby the Know-Your Customer principle shall be followed. The Money Laundering and Terrorist Financing Prevention Act provides for a few exceptions to the automatic application of certain customer due diligence measures, e.g. the amount-based reporting obligation in accordance with subsection 3 of § 49 of the Money Laundering and Terrorist Financing Prevention Act. 7.4. Upon identifying and substantiating the risk levels of Users participating in a transaction, Binaryx shall take into account, among other things, the following risk categories: 7.4.1. Customer risk whose factors arise from the person or customer participating in a transaction; among other things, the following shall be taken into account: whether it is a politically exposed person; whether the person is represented by a legal person; whether a third party (individual) is the beneficial owner; whether the identification of the beneficial owner is impeded by complex and non-transparent ownership relations; the residency of the person, including whether it is a person registered in a territories with a low tax rate; whether the person is subject to an international sanction; circumstances (including suspicious transactions identified in the course of a prior business relationship) resulting from the experience of communicating with the person, its business partners, owners, representatives and any other such persons; the duration of the operations and the nature of business relationships; the nature of the personal activities of an individual; whether the origin of the person’s assets or the source and origin of the funds used for a transaction can be easily identified. 7.4.2. Country or geographical risk, whose factors arise from differences in the legal environment of various countries: whether the country applies legal provisions that are in compliance with the international standards of prevention of money laundering and terrorist financing;whether there is a high crime rate (incl. drug-related crime rate) in the country;whether the country cooperates with a criminal group; whether criminal groups use the country to pursue their operations;whether the country engages in proliferation;whether there is high level of corruption in the country;whether international sanctions have been or are being imposed on the country; andwhether other measures have been taken against or positions of international organizations have been expressed on the country. 7.5. Taking account of the aforementioned risk categories, Binaryx shall determine the risk level of the person or customer participating in a transaction, e.g. whether the customer’s money laundering or terrorist financing risk level is low, normal or high or whether it corresponds to other risk level qualifications determined and used by Binaryx. 7.6. To determine the impact of each risk category, Binaryx shall assess the likelihood of occurrence of risk factors in the risk category. To determine the impact of a specific risk category, the qualifying quantity of occurrence of the risk factors characterizing it may be used for the purpose of deeming a specific risk factor as „having an impact‟ or as „not having an impact‟ in the event of exceeding a certain threshold. 7.7. CATEGORIES OF CLIENTS 7.7.1. Four categories associated with the person participating in the transaction shall be taken into account upon risk assessment: I. place of residence or seat of the person participating in the transaction – country and geographical risks shall be taken into account; II. parameters characterising the person participating in the transaction – customer risk shall be taken into account; III. economic activities of the person participating in the transaction – product and service risks shall be taken into account; and IV. transaction partners of the person participating in the transaction and risks related to them – the customer risk of the transaction partners of the person participating in the transaction, the country and geographical risks and the product and service risks shall be taken into account. 7.7.2. The risk is low – There are no risk factors of impact in any risk category and the customer and the customer’s operations are transparent and do not deviate from the operations of an average, reasonable person engaged in the same field. Thereby there is no suspicion that the risk factors on the whole might cause the realisation of the threat of money laundering or terrorist financing. 7.7.3. The risk is medium – There is one risk factor or there are several risk factors in the risk category, which differ(s) from the operations of a person engaged in the same field, but the operations are still transparent. Thereby there is no suspicion that the risk factors could, on the whole, cause realisation of the threat of money laundering or terrorist financing. 7.7.3. The risk is high – There is one feature or there are several features in the risk category which, on the whole, undermine the transparency of the person and the person’s operations, as a result of which the person differs from a person operating in the same field. Thereby the realisation of the threat of money laundering or terrorist financing is at least possible. 8. THIRD PARTIES AND CONDUCTING OF CORRESPONDING RELATIONS 8.1. To perform some of its business functions, Binaryx uses third-party service providers. Binaryx shall make an effort to determine, during the initial and ongoing due diligence process, to the extent possible whether there are any initiated investigations and filed lawsuits against any such third-party service providers. Binaryx shall also determine whether a third-party provider has obtained all the necessary licenses, permits, and approvals before establishing a business relationship with such third-party service provider. 8.2. With respect to its own staff, Binaryx shall carefully review all candidates for employment and determine whether the activities of a new employee fall in the category that is susceptible to money laundering activities. In addition, Binaryx has prepared and implements a number of personnel training programs on customer identification procedures and prevention of money laundering activities.