Pay.so Core provides a fintech service that facilitates crypto-to-fiat payments, where the sender sends cryptocurrencies ('Inbound Payment') and the recipient receives fiat currency ('Outbound Payment'). As part of our commitment to regulatory compliance and risk mitigation, we have implemented a comprehensive risk assessment and management policy. This document outlines the risks associated with our service and provides details on how we assess and review these risks on an ongoing basis. Additionally, it identifies the key individuals responsible for overseeing risk management efforts.
Performing third-party crypto-to-fiat payments exposes the company to financial and regulatory risks. The top three identified risks are detailed below:
1.2. Handling of customer funds
a) Pay.so loses a customer’s Inbound Payment funds through technical negligence or internal corruption, thus becoming liable for their return from its own balance sheet.
b) Pay.so sends an Outbound Payment to the wrong recipient, thus becoming liable for its recovery or rectification off its own balance sheet.
1.3.
2.2. Customer Risk Factors
To assess the risks mentioned above, we consider various customer risk factors, including but not limited to:
a) Identification and verification processes to ensure the legitimacy of customers.
b) Geographical factors and jurisdictions with higher risk profiles.
c) Transaction volumes and patterns that may indicate suspicious activities.
d) Politically exposed persons (PEPs) or high-risk individuals/entities.
3.2. Ongoing Risk Monitoring
We have established systems and procedures to monitor customer activity continuously. This includes monitoring transaction patterns, conducting periodic reviews, and implementing robust fraud detection and monitoring mechanisms. Any suspicious or high-risk activities are flagged for further investigation and appropriate action.
3.3. Enhanced Due Diligence (EDD)
For customers identified as higher risk during the initial risk assessment or ongoing monitoring, we conduct enhanced due diligence. EDD involves gathering additional information about the customer's source of funds, business activities, and transaction purposes to further mitigate risks.
4.2. Risk Mitigation Measures
To mitigate the risks associated with our service, we have implemented the following measures:
a) Strong KYC and CDD procedures to ensure the identification and verification of customers.
b) Monitoring tools and systems to detect suspicious activities and patterns.
c) Employee training programs to enhance awareness and understanding of money laundering and terrorist financing risks.
d) Collaboration with regulatory authorities and compliance with applicable laws and regulations.
e) Regular internal and external audits to assess the effectiveness of our risk management efforts.
5.2. Compliance Officer
The Compliance Officer is responsible for ensuring adherence to anti-money laundering (AML) and counter-terrorist financing (CTF) regulations and guidelines. They are involved in the risk assessment process, ongoing monitoring, and implementation of risk mitigation measures.
5.3. Risk Management Team
The risk management team, under the guidance of the CRO, assists in the identification, assessment, and mitigation of risks associated with our service. They collaborate with various departments within the company to implement effective risk management practices.
[Insert Company Name] [Insert Date]