The Digital Operational Resilience Act (DORA) is a groundbreaking EU regulation designed to fortify the financial sector’s ability to withstand and recover from operational disruptions. Coming into full effect on January 17, 2025, DORA introduces uniform requirements for financial entities and their ICT service providers, ensuring robust protection against ICT-related risks. With its comprehensive approach...
For crypto businesses operating in Europe, compliance is no longer optional — it’s a necessity. The Markets in Crypto-Assets Regulation (MiCA) and Anti-Money Laundering (AML) requirements are transforming the regulatory landscape, making it essential for businesses to align with these frameworks. Whether you’re an existing Virtual Asset Service Provider (VASP) or a new crypto business...
As the MiCA (Markets in Crypto-Assets) regulation rolls out across the European Union, crypto businesses need to be prepared. Starting in 2025, all Virtual Asset Service Providers (VASPs) must transition to becoming Crypto-Asset Service Providers (CASPs) by securing a MiCA CASP license. The right choice of jurisdiction to base your operations is crucial—and Poland stands...
Poland office: +48 222 085 280
Estonian office: +372 5874 6380
office@complium.eu
Registry code: 0001089880
VAT number: 5252993463
Office: Solipska 3/5, 02-482 Warszawa
| Subject: | Advanced Training of Anti-Money Laundering and Countering Terrorism Financing (AML/CFT) for Virtual Currency Service Providers | |
| Target Group: | Members of the Board, Money Laundering Reporting Officers for the Financial Intelligence Unit, Anti-Money Laundering service providers and employees who are responsible and/or manage and/or organize the prevention of money laundering and terrorist financing in virtual currency service providing companies. | |
| Objective: | To ensure that the virtual currency service provider is prepared to implement anti-money laundering requirements, to map its risks (i.e. “vulnerability” in the context of money laundering), determine its risk appetite, prepare a risk assessment, develop a risk management methodology and approve risk mitigation rules. In addition, to prepare the Rules of Procedure, implement the due diligence measures and monitor its compliance according to the Internal Control Rules.
The aim of this advanced training is to provide additional knowledge from the perspective of the regulator, to present essential nuances in legal regulation of money laundering prevention, documentation requirements and solutions to most common problems in the application of procedural rules. Also, to introduce the most common problems related to the due diligence, the nuances of KYC and KYT procedures and relevant case studies. |
|
| Description of the Subject Content:
|
1. A more in-depth overview of the legal regulations preventing money laundering. Expectations from the regulator. What lies behind the field terms and definitions. Requirements for identification of persons.
2. Responsibility of the Member of the Board for preventing money laundering; obligations of the MLRO.
3. Risk assessment and Risk Appetite (exercises based on a specific company’s business plan).
4. Mitigating KYC and KYT risks regarding persons, documents, transactions and implementation of proper due diligence measures.
5. Case analysis.
|
3 h
1 h
4 h
6 h
3 h |
| Learning Outcome: | Learner who has completed the training:
– knows the professional legal space, – knows the established requirements for virtual currency handlers, – knows the tasks and responsibilities of the: 1st line of defense, of the 2nd line of defense and of the 3rd line of defense, – can adapt and implement due diligence measures to prevent money laundering in the company, if necessary, – knows and is able to recognize possible frauds when carrying out KYC and KYT procedures.
|
|
| Study form: | Online lecture and independent exercises. | |
| Requirements for graduation | Passing the exam | |
| Evaluation method | The exam threshold is 70% correct answers in the written test. | 1 h |
| Document to be issued | Certificate. | |
| Volume of study: | Total 18 hours.
|
The preparation and implementation of the training is based on the principles of adult education. Complium OÜ is registered as an adult educator in the Estonian Education Information System with licence number 221622.
PRIVACY POLICY OF COMPLIUM OÜ
INTRODUCTION
Complium OÜ is a legal entity with registry code 14996517, registered office at Narva mnt 7d, Tallinn 10117, Republic of Estonia. Complium OÜ was founded in Tallinn in 2020 and has developed into a recognised company in Estonia in the field of preventing money laundering and terrorist financing.
In the course of our activities, we collect and use your personal data in order to provide you with the best service, advice, and solutions, and to fulfil our contracts with you.
We protect your data and privacy in all ways provided by applicable law.
In order to ensure the secure processing of the aforementioned personal data, Complium OÜ has established processing rules, administrative regulations and other organisational, IT and physical data protection measures.
Secure personal data processing measures extend to all information systems and human activity processes used, including employees, suppliers, customers, service providers and other third parties who have access to personal data processed by Complium OÜ.
The information contained in this Privacy Policy applies to the personal data of natural persons, but not to the data of companies or other legal entities or institutions. The information also applies to the personal data of all natural persons engaged in vocational and professional activities (e.g. employees of a company or organisation). If you communicate with us as a person related to a Business Customer, we will also register and use your personal data.
WHY DO WE COLLECT AND USE YOUR PERSONAL DATA?
We collect and use your data to provide you with the best advice and solutions, to fulfil our agreements with you, and to comply with our legal obligations regarding the collection and retention of personal data.
This means that we collect and use your personal data if:
WHAT PERSONAL DATA DO WE COLLECT AND USE?
In its daily business, Complium OÜ processes various personal data, including:
If we are obliged to verify the correctness of personal data pursuant to the anti-money laundering regulations, Complium OÜ will check the personal data received from the Data Subject from state registers and other reliable sources. If necessary, the personal data received from the Data Subject will be supplemented and amended.
If Complium OÜ is an obligated person according to the anti-money laundering regulation, Complium OÜ is required to assess the risk of money laundering and terrorist financing. In this case, we process the personal data of the Data Subject (taking into account, for example, the Data Subject’s place of residence, field of activity, whether the Data Subject is a politically exposed person; in the case of a legal person represented by the Data Subject – its location, field of activity, management bodies and ownership structure) and the nature of the transaction. Based on the above, Complium OÜ applies due diligence measures either in a simplified or enhanced manner.
Special categories of personal data
In its economic activities, Complium OÜ does not collect personal data such as racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data used for the unique identification of a natural person, health data or data about a natural person’s sexual life and sexual orientation.
Complium OÜ collects special categories of personal data in its economic activities only if we need them in order to provide you with service-related advice or to provide you with a service. For the processing of special categories of personal data, we will ask for your explicit consent, unless the law gives us the right to process special categories of personal data without your consent (e.g. to legally enforce our claims).
We may also collect other personal information if it is necessary to provide you with specific services or if required to do so by law.
Our ability to advise you and provide you with the best solutions depends to a large extent on how well we know you. Therefore, it is important that you provide us with correct and accurate information and keep us informed of any changes.
WHAT DO WE COLLECT AND USE YOUR PERSONAL DATA FOR?
Complium OÜ processes personal data in order to:
We also collect and use data for other activities related to the provision of services, including the following activities:
We collect data directly from you or by monitoring your activities, such as when you:
We will only retain your data for as long as it is necessary for the purpose for which we collected and used your data, unless otherwise provided by applicable law, or as follows:
After the expiry of the Personal Data retention period, we may retain your Personal Data for longer than is necessary to comply with a legal obligation or requirement, to resolve legal disputes, or to ensure the performance of a contract with us.
At the end of the personal data retention period or if the legal basis related to the purpose of processing personal data ceases to exist, we may retain materials containing your Personal Data in backup systems, from which they will be deleted at the end of the backup cycle. During the backup period, we implement appropriate measures to ensure the security of backed up materials. Backed up materials are decommissioned, not processed for any purpose, and erased as soon as possible, i.e. at the end of the backup cycle.
THIRD PARTIES AND YOUR PERSONAL DATA
Personal data received from third parties
We register and use personal data obtained from third parties, such as:
Third parties to whom we disclose your personal data
In certain cases, we may disclose your personal data to third parties if:
With your consent, when transferring personal data to data processors located in third countries (i.e. outside the European Union and the European Economic Area), we ensure the protection of your rights and that, in the event of such data transfer, your personal data is maintained at a level of protection that meets the conditions approved by the European Commission.
PROFILING AND AUTOMATED DECISIONS
Profiling
Complium OÜ does not perform automated processing of your personal data, the purpose of which would be to evaluate, analyse and forecast certain personal aspects related to a natural person, in particular such aspects related to the relevant natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
Automated decision-making
Complium OÜ does not perform automated processing of your personal data, the purpose of which would be to evaluate your personal data in order to take decisions that may restrict your rights and freedoms.
YOUR RIGHTS
Accessing your personal data
You can access the personal data collected and used about you, the sources thereof and the purposes of their use. You will be able to obtain information about how long we retain your data and to whom and to what extent we transmit it. Your right to access your personal data may be limited by applicable legislation, the rights of others to ensure their privacy, and the needs of our operations. Our know-how, trade secrets, internal assessments and materials may also be part of the information that cannot be accessed.
Right to state objections
You have the right to raise objections to the processing of your personal data, including if we rely on our legitimate interests in processing the data.
You also have the right to object to the use of your personal data for direct marketing.
Rectification or erasure of data
If your data is incorrect, incomplete or irrelevant, you have the right to request the rectification or erasure of the data, taking into account the restrictions arising from applicable legislation and the rights related to data processing.
Restriction of data use
If you find that the information we have collected about you is incorrect, or if you have objected to the use of the data, you may request that we restrict the use of the data to retention only. The use is limited to retention only until it is possible to establish the accuracy of the data or to verify that our legitimate interests outweigh your interests.
If you have the right to request the erasure of data, you can instead request that we limit our use of the data to the retention only. If we need the data we collect about you only to enforce or defend legal claims, you may request that the data not be used for purposes other than retaining. However, we may have the right to use the data in a different way if this is necessary to enforce the claims or if you have given your consent.
Withdrawal of consent
If the use of data requires your consent, you can withdraw this consent at any time. Please note that if you withdraw your consent, we may not be able to provide you with certain services. We will also continue to use your personal data, for example, to perform a contract with you or in accordance with legal requirements.
Data portability
If we use the data on the basis of your consent or agreement and the data processing is automated, you have the right to receive a copy of the data you have provided in an electronic machine-readable format.
Time of realisation of the rights, summarised in a table
| Rights | Realisation |
| Right to consent to data processing | Consent is requested immediately upon data collection (if the data is collected directly from you) or within one month (if the data is collected from a third party) |
| Right to withdraw consent to data processing | Instantly, without unreasonable delay |
| Right to access data | Within one month of the application |
| Right to rectification of data | Within one month of the application |
| Right to erasure of data, “to be forgotten” | Instantly, without unreasonable delay |
| Right to restriction of data processing | Instantly, without unreasonable delay |
| Right to data portability | According to the submitted application |
| Right to state objections | Proceedings shall be initiated on receipt of an objection |
| Rights related to automated processing or profiling. | According to the submitted application |
USE OF COOKIES
Complium OÜ uses cookies on its websites. Cookies are small text files that are downloaded to your device when you visit our website.
By continuing to use our website, you consent to the use of cookies in accordance with the rules of these terms and conditions.
If you do not agree to the use of cookies, you have the option to configure your browser so that your computer does not store cookies. In this case, however, we cannot guarantee that all functions on our site will work correctly for you. More information on managing and disabling cookies can be found on the website http://www.allaboutcookies.org/
With the help of cookies, we can improve the quality of services. We use cookies to collect statistical data, to remember the preferences of the visitor of the page, to serve advertisements.
When visiting Complium OÜ websites, our data analysis and advertising partners (Google Analytics, Facebook, YouTube, etc.) can also store cookies on your device.
SECURITY OF PERSONAL DATA PROCESSING
Complium OÜ stores personal data only for the strictly minimum necessary time. Personal data with an expired retention period will be destroyed using best practices.
Complium OÜ ensures the protection and appropriate security of personal data, including against unauthorised or illegal processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Access to personal data is granted only to processors who have the necessary right to do so and only to the extent necessary to achieve the purpose arising from the legitimate interest.
Complium OÜ confirms that it complies with the requirements in force in the EU regarding the protection of personal data. Complium OÜ makes every effort to protect personal data. We process personal data only for specific and legitimate purposes and only to the extent necessary for such purpose. We also demand the same values and adherence to our personal data processing rules from our cooperation partners.
In the event of any incident involving personal data, Complium OÜ will take all necessary measures to alleviate the consequences and to mitigate similar risks in the future.
TERMS OF USE OF NOTIFICATIONS
Notifications are offers sent to the subscribers through communication channels that, in the opinion of Complium OÜ, may be of interest to the subscribers.
You can opt out of notifications at any time. To unsubscribe from the newsletter, you can click on the link at the end of the letter. To opt out of other notifications, please contact office@complium.eu.
By subscribing to the newsletter, you consent to the retention and processing of your personal data in accordance with our rules. Personal data will not be shared with third parties.
Complium OÜ processes your personal data in accordance with EU data protection and other personal data protection legislation.
If you have any questions, please contact office@complium.eu.
CONTACT INFORMATION AND SUBMISSION OF COMPLAINTS
If you have any questions regarding your rights in relation to the processing of your personal data, or if you have any questions about how we collect and use personal data or if you are not satisfied with the way we process your personal data, please contact us:
Complium OÜ
Address: Narva mnt 7d, Tallinn 10117, Republic of Estonia
Phone: +372 587 46 380
Email: office@complium.eu
If your data protection contact with Complium OÜ has not produced a satisfactory result, you have the right to submit a relevant dispute with Complium OÜ or file a complaint with a supervisory authority:
Data Protection Inspectorate
Tatari 39, Tallinn 10134
phone: +372 5620 2341
Email: info@aki.ee
website: www.aki.ee
Last updated 05.01.2023
