Sanctions Policy

Draft: November 2025

Important Notice

Sanctions compliance does not operate in isolation. Rather, it is one element, along with AML, CFT and CPF, of THEMIS CARBON CY LTD financial crime compliance framework. So, all the relevant provisions and APPENDIXES of the AML Manuals and all the relevant procedures are also applicable.

The Senior Management/Board of Directors of the Company is responsible for approving the policies, procedures and controls applied by the Company. This document applies to all employees of the Company and should be read in conjunction with other policies and procedures of the Company.

KEY DEFINITIONS

AML/CFT Law: means the Prevention and Suppression of the Money Laundering and Terrorist Financing Law (L. 188(Ι)/2007), as applicable from time to time.
AMLD6: Sixth Anti-Money Laundering Directive (Directive (EU) 2018/1673)
Asset freeze: Prohibition on making funds or economic resources available to or for the benefit of sanctioned persons/entities; includes carbon credits if considered an economic resource.
Beneficial owner: has the meaning provided in article 2 of the AML/CFT Law
Business relationship: means a business, professional or commercial relationship between the client and the Company which is connected with the professional activities of an obliged entity and which is expected by the obliged entity, at the time when the contact is established, to have an element of duration.
Client: means any natural or legal person or legal arrangement which aims to enter into a business relationship or carry out an occasional transaction with an obliged entity.
Common Foreign and Security Policy (CFSP): EU framework under which restrictive measures (sanctions) are adopted.
Carbon Dioxide Equivalent (CO2e): Unit of measurement representing the warming potential of greenhouse gases compared to CO₂.
Designated Person: means any natural or legal person or other entity against which economic or other sanctions have been imposed by virtue of the provisions of United Nations Security Council Resolutions and/or Decisions and Regulations of the EU Council
Economic Resources: Assets of every kind, tangible or intangible, movable or immovable, that may be used to obtain funds, goods, or services (e.g., carbon credits).
Environmental, Social, and Governance (ESG): Non-financial performance factors; relevant to carbon credit projects.
False positive: means any positive match to listed persons and entities for which, following investigation and assessment, it is concluded that it does not relate to a designated person
Financial Intelligence Unit (FIU): The Financial Intelligence Unit of the Republic, responsible for Combating Money Laundering and established under section 54 of the AML/CFT Law, also known as the Unit or the FIU
Funds: Financial assets and benefits of any kind, including cash, deposits, securities, digital assets, or carbon credits that may hold financial value.
MLRO: Money Laundering Reporting Officer
Person: means any natural or legal person
Restrictive Measures: The EU’s legal term for sanctions adopted under its CFSP framework, including asset freezes, travel bans, and trade prohibitions.
Sanctions: means the UN sanctions and the EU restrictive measures
Sanctions Law: means the Law for the Implementation of the Provisions of the UN Security Council Resolutions (Sanctions) and the Decisions and Regulations of the Council of the European Union (Restrictive Measures) of 2016 (L. 58(Ι)/2016), as applicable from time to time
Sanctions lists: means relevant lists issued by the United Nations and/or the European Union pursuant to the UN Security Council Resolutions and the EU Regulations/ Decisions
Sectoral sanctions: means Sanctions programs introduced by the EU in relation to Ukraine and Russia, prohibiting certain types of transactions with targeted entities in the finance, energy and defense sectors, as well as entities owned by 50% or more by the targets.
Specially Designated National (SDN): Term used in U.S. OFAC lists; included here for awareness if cross-jurisdictional exposure exists.
Supervisory authority: means as defined in the AML/CFT Law and pursuant to the Sanctions Law
Terrorism Law: means the Combating of Terrorism and Protection of Victims Law of 2019 (L. 75(Ι)/2019), as applicable from time to time
True match: means a positive match for which, following investigation and assessment, it is concluded that the person or entity concerned is a designated person.
United Nations Security Council (UNSC): UN body authorized to impose global sanctions regimes.

Terms not defined in the present document, have the meaning inferred to them by the Sanctions Law, AML/CFT Law, the Terrorism Law and the UNSCRs and EU Regulations/ Decisions, AML DIRECTIVES.

LEGAL FRAMEWORK

Cyprus Legislation:

Cyprus is legally obliged to abide by the UN and EU sanctions regimes and its legal framework consists of both primary and secondary legislation that are both legally binding.

Primary legislation

Cyprus has enacted the Law for the Implementation of the Provisions of the UN Security Council Resolutions (Sanctions) and the Decisions and Regulations of the Council of the European Union (Restrictive Measures) of 2016 (L. 58(Ι)/2016). The said Law gives direct and immediate effect to the sanctions and restrictive measures adopted by the UN and the EU to the Republic of Cyprus.

Furthermore, the Cyprus Legal framework consists of the Combating of Terrorism and Protection of Victims Law of 2019 (L. 75(Ι)/2019), as applicable from time to time which covers the sanctions regime related to terrorism. Breaching the provisions of any of the two laws can constitute a criminal offence.

Secondary legislation

The secondary legislation in Cyprus is covered by:

AML Directive for Compliance with the provisions of the Resolutions/ Decisions of the Security Council of the United Nations (sanctions) and the Decisions/ Regulations of the Council of the European Union (restrictive measures)

Sanctions are of strict liability in nature and as such require absolute compliance. Absolute compliance means that firms are at risk of breaching their obligations as soon as a person or entity they provide services to is listed in an EU Regulation or UNSCR.

Criminal consequences: Any person in breach of the sanctions provisions will be guilty of a criminal offence. Criminal penalties include imprisonment of up to 2 years and or financial penalty up to €100.000 for natural persons and financial penalty up to €300.000 for legal persons. In case of a criminal conviction and if the convicted person is a regulated firm, then Disciplinary procedures will immediately be initiated by the regulator as well.

Administrative consequences: Regulator will bring administrative procedures against any regulated firm that fails to comply with the provisions of the Sanctions Directive, and, if found guilty, any or all of the measures provided in the AML/CFT Law could be imposed. These include, inter alia, imposition of a financial penalty up to €1.000.000 and withdrawal, suspension or amendment of the firms operating license.

Reputational damage: Apart from any criminal or administrative consequence, firms should place great importance on the reputational damage, if their name appears in any way to be linked or associated with sanctions related violations. It has been estimated that reputational losses are at least nine times higher than the financial penalty imposed. Firms should also be aware that any reputational damage does not only affect themselves but has a very negative impact on the industry and the Republic of Cyprus as a whole.

PURPOSE OF THE POLICY

1. THEMIS CARBON CY LTD LTD (hereinafter, ‘’Carbon Foundation’’) is committed to compliance with relevant economic and trade sanctions (Sanctions) laws as have mentioned above and identifying, mitigating and managing the risk. The Company recognise that failure to comply with relevant sanctions laws or to prevent or manage this risk would not only constitute a breach of legal and/or regulatory requirements but would also represent a failure to abide by broader community expectations and could carry significant reputational damage, legal and regulatory action and financial loss for the Company.

2. This Sanctions policy is a critical pillar of a Sanctions Compliance Program and the “Bible” of the Company in relation to sanctions matters. The policy provides written compliance standards, procedures and practices which guide the firm and its employees on a day-to-day basis. This policy includes areas such as a code of conduct detailing fundamental principles, Customer Due Diligence (CDD), risk assessment, policies and procedures and information on relevant laws and regulations. THEMIS CARBON CY LTD has a zero tolerance approach to all forms of financial crime including breaching applicable sanctions. The Company’s personnel shall comply with all applicable laws, regulations and professional standards regarding sanctions.

3. The Company has implemented internal controls to minimize the risk of non-compliance of its legal and regulatory obligations (and those applicable to the Company personnel) and any resulting damage to our reputation and business, as well as legal and regulatory penalties.

4. THEMIS CARBON CY LTD personnel must not, engage in any business relationship that directly or indirectly causes the Company to breach applicable sanctions or reporting obligations relating to sanctions. Any circumvention of sanctions or attempt to circumvent the sanctions constitutes a prohibited activity and as such it is a criminal offence under the Sanctions Law.

5. The Company operates in the carbon credits space (generation, trading, retirement) and accordingly must ensure that no transactions or counterparties are in breach of the relevant sanctions regimes.

This Policy is intended to:

provides deep understanding of the legal requirements and is designed to ensure compliance with the financial sanctions;
defines and establishes Company’s financial sanctions risks;
set out the framework for Company management of its financial sanctions risk;
establishes processes to ensure that the Company complies with applicable sanctions;
provides guidance to Company’s personnel of the required approach to financial sanctions compliance;
specifies individuals’ responsibilities for the prevention and detection of financial sanctions breaches;
set out the consequences of breaching this Policy.

This policy must be read in conjunction with the Alerts distributed to THEMIS CARBON CY LTD is to set out Company’s obligations relating to sanctions compliance and the steps we have taken to ensure we continue to comply with applicable sanctions.

This policy should be updated in accordance with the latest provisions of the relevant legislation and the risk appetite of the Company, current trends and best practices and will be updated whenever considered necessary in accordance to the policies and procedures of the Company’s and the updates in the Legal Framework. It will be revisited at least once annually to ensure that all information included is up to date.

The policy should be reviewed and updated when deficiencies are detected, or adjustments are needed, keeping in mind that the sanctions compliance program of the Company must be able to adapt to ongoing changes and developments due to frequent changes to legal sanctions regimes, and accommodate for additions/amendments to the sanctions lists and shifts of focus regarding sectoral sanctions - in order to ensure appropriateness and to accommodate for changes in the relevant legislation and the Company’s business and/or risk profile.

Sanctions Policy constitutes the strategy adopted by THEMIS CARBON CY LTD to prevent and effectively combat any Sanctions related matters and clearly states the commitment of the Company. It should be highlighted that adherence to the provisions of the Manual is a safeguard to the effective implementation of the Sanctions Compliance Program of the Company.

Compliance with this Policy

This Policy applies to all employees, officers, contractors, and subsidiaries of the Company (collectively “Personnel”). It covers all business activities of the Company including but not limited to:

onboarding of clients, counterparties and project entities;
trading/transfer of carbon credits;
financing, brokering, retirement or issuance of carbon credits;
investments, partnerships, and joint ventures;
payments, funds flow, and asset movement.

Sanctions require absolute compliance – it is a criminal offence in Cyprus to participate in activities that breach applicable sanctions. Penalties on conviction can include up to two years imprisonment and €100.000 fine in case of natural person or €300.000 for entities. It is no defense that sanctions were breached indirectly or unknowingly. Any action taken to circumvent applicable sanctions or attempt to circumvent the sanctions constitutes a prohibited activity and as such it is a criminal offence under the Sanctions Law.

THEMIS CARBON CY LTD must comply with applicable UN, EU sanctions in addition to keeping updated with EU and US sanctions. Company’s Personnel must not engage in business activity that breaches applicable sanctions or Company’s Sanctions Policy. If you are concerned that you may be engaged in business activity in breach of applicable sanctions or this Policy, you must contact MLRO immediately. Compliance with this Policy is mandatory. Non-compliance with this Policy will put the THEMIS CARBON CY LTD at risk of committing criminal offence and regulatory breaches – in addition there will be personal consequences for individuals found to be in breach. These include adverse risk metrics and/or investigation, and disciplinary action, up to and including dismissal.

What are Sanctions?

Sanctions are an essential tool which is used to prevent conflict or respond to emerging or current crises. They are non-punitive measures and are intended to respond to negative political change and aim at restoring international peace and security and to enforce security interests without resorting to military action. Sanctions refer to restrictions and/or prohibitions on activity with targeted countries, governments, Companies, natural and legal persons, and industries.

They include a variety of measures ranging from comprehensive economic and trade sanctions to more targeted measures such as:

arms embargoes,
travel bans,
asset freezes,
reduced diplomatic links,
reductions/ cessation of any military relationship,
flight bans,
suspension from international organizations,
withdrawal of aid,
trade embargoes,
restriction on cultural/ sporting links and
Other measures.

Sanctions can target:

States (including their public authorities)
Individuals, i.e. natural persons
Legal persons, entities or bodies
Organizations
Vessels and aircraft

It should be noted, that although only sanctions imposed by the United Nations and the European Union are legally binding, there are individual country sanctions lists that should be taken into consideration when on-boarding clients and when processing transactions.

The Company should be alert of country sanctions legislation and relevant sanctions list for countries their clients operate or transact in. Special attention should be given to countries whose sanctions carry an impact outside of the jurisdiction, for example sanctions imposed by the US Department of Treasury’s Office of Foreign Assets Control (OFAC). Individual countries may follow the UNSC but may also enact their own sanctions lists related to specific regional threats or other national security considerations and may even have an extraterritorial effect. Such issuing authorities include the USA’s OFAC. Individual country sanction could apply to business relationships and as such should be taken into consideration when Onboarding clients, processing transactions and as part of ongoing monitoring procedures.

Sanctions are of strict liability in nature and as such require absolute compliance. Any person in breach of its sanctions related obligations will be guilty of a criminal offence. Absolute compliance means that firms are at risk of breaching their obligations as soon as a person or entity they provide services to is listed in an EU Regulation or UNSCR.

Sanctions instituted by the United Nations Security Council are almost simultaneously adopted by the European Union in the form of Regulations and Decisions, but the EU also has the power to impose sanctions on its own authority, without any prior action taken on the part of the United Nations. Sanctions imposed by the United Nations come in the form of UN Security Council Resolutions, where all provisions and prohibitions are contained there within. UN sanctions can be found on UNSC Resolutions page.

The EU sanctions are adopted, renewed or lifted by the Council of the European Union. EU sanctions come in the form of Regulations containing prohibitions and derogations, if any. Currently, there are 40 different sanctions regimes in place. EU sanctions can be found on EU sanctions map.

Categories of Sanctions

The EU takes a targeted and differentiated approach to restrictive measures (sanctions). There are various ways to categorise sanctions, but the most common categorisation is broken-down in four (4) categories of sanctions: comprehensive sanctions, regime-based sanctions, sectoral sanctions and list-based sanction.

Comprehensive sanctions: Comprehensive sanctions target entire countries or geographic regions and prohibit most activity with the countries/regions targeted i.e. they cover asset freezes as well as prohibitions on services, products etc, cultural and athletic cessations, diplomatic cessations etc. They aim to change governmental policies and activities by cutting the targeted country out of the markets, imposing economy-wide costs and restricting access to a wide range of goods and services. Comprehensive sanctions are imposed by the UNSC, the EU and various other countries such as the US, etc. Examples of comprehensive sanctions include the sanctions regimes of North Korea and the latest sanctions imposed against the Russian Federation, following Russia’s military aggression against Ukraine.

Regime-based sanctions: Regime-based sanctions target current or former governments or regimes. Although they are associated with particular countries, they are primarily list-based, focusing on officials involved in activity that destabilizes a situation and on their associates. These sanctions tend to be paired with limited export controls or embargoes and related financing prohibitions. Most regime-based sanctions target any legal or natural person involved in serious violations of human rights and aim to protect human rights. Regime-based sanctions are imposed by the UNSC, the EU and various other countries such as the US etc. Example of regime-based sanctions is the European Union sanctions against Syria.

Sectoral sanctions: Sectoral sanctions target entities in key sectors of a country’s economy. Sectoral sanctions do not impose asset freezes; rather they restrict the ability of the targeted entities to access financing, import or export equipment, goods, services or technology. Sectoral sanctions do not impose asset freezes; rather they restrict the ability of the targeted entities to access financing, import or export equipment, goods, services or technology. Sectoral sanctions apply prohibitions primarily on certain activity with the entities prescribed in the relevant Regulations. Examples of such sectoral sanctions concern prohibitions against the energy sector, gold and precious metals, aviation and space industry, luxury goods etc. Such sanctions include the sanctions imposed against the Russian Federation following Russia’s invasion against Ukraine by the Council of the European Union and various other countries such as the US etc.

List-based sanctions (list-based): List-based or conduct-based sanctions target anyone involved in defined types of malicious activity. Persons and entities can be designated for involvement in terrorism, proliferation of weapons of mass destruction, bribery, corruption, human rights violations, drug trafficking, organized crime, election interference, or cyber enabled malicious activity. List-based sanctions are meant to identify, disrupt, and deter sanctioned activities. Persons included in the sanctions lists have their assets and economic resources frozen and there is a general prohibition of not making any funds or economic resources available to them. List-based sanctions are imposed by the UNSC, the EU and various other countries such as the US etc.

Combination of types of sanctions: Most sanctions regimes imposed, usually involve a combination of the above categories of sanctions, e.g., the European Union’s sanctions program against Russia and Belarus includes list-based sanctions, sectoral sanctions, regime-based sanctions and comprehensive sanctions against the unrecognized territories of Donetsk and Luhansk. As such, professionals should be aware and take into consideration all sanctions regimes that may be applicable to their business relationship. Although, list-based regimes are the first point to check in order to assess whether a potential business relationship or an existing business relationship is caught under sanctions, there are many more parameters and regimes that need to be taken into account. For example, even if a client is not included in the list-based sanctions, other sanctions types/regimes may still apply that affect the business relationship, e.g. a transaction may be prohibited based on sectoral sanctions or comprehensive sanctions.

SANCTIONS SCOPE OF APPLICATION

UN sanctions application: The UN sanctions are legally binding and must be complied with by all UN member states.

EU sanctions apply only within EU jurisdiction (territory), i.e., the obligations they impose are binding on EU nationals or persons located in the EU or doing business in the EU. As such, although, their application appears to have an inherently extra-territorial effect, they apply only within the EU territory.

In other words, they impose legally binding obligations on:

EU nationals, in any location
Persons located within the territory of the EU (whether permanently or temporarily)
Persons doing business in the EU (for example companies and organizations incorporated under the law of a Member State – including branches of EU companies in third countries). Foreign subsidiaries of EU parent companies would typically be subject to the laws of the jurisdiction in which they are incorporated and therefore would not be subject to EU sanctions.

Application of individual country sanctions regimes It should be highlighted that although the Cyprus legal obligation is to follow the EU and UN sanctions regimes, individual country sanctions regimes may apply depending on the characteristics of the business relationship. Examples of the following are demonstrated in the example below:

Where a business relationship involves a client who undertakes activities within the UK’s territory or is a UK national, then compliance with UK financial sanctions in force is required. The reason this is that the UK Sanctions regime applies to all natural and legal persons within the territory and territorial sea of the UK and to all UK persons, wherever they are in the world.

As such, the Company should take into consideration all sanctions regimes that may apply when deciding whether to enter a business relationship, Onboarding clients, processing transactions and during ongoing monitoring of the business relationship.

How to assess if clients are affected by Sanctions:

Ownership Criterion

EU sanctions lists include persons, either legal or natural, listed by name and are usually referred to as “designated persons” and usually extend to entities “owned or controlled” by designated persons. As such the assessment should include the “Ownership and control criteria”.

EU sanctions also apply to entities owned, directly or indirectly, by a designated person to more than 50%. The calculation for this rule should also take into consideration the aggregate ownership, i.e., if an entity is directly owned by more than one designated persons, their aggregate ownership should be calculated and if it amounts to more than 50%, then the entity is considered to be jointly owned and controlled by designated persons and as such it comes under sanctions. It is noted that the 50% rule applies equally to indirect ownership.

Control Criterion

If the ownership criterion is not met, entities could still be considered sanctioned if the control criterion is met. The factors to be taken into account when trying to assess whether an entity is controlled by another person or entity, alone or pursuant to an agreement with another shareholder or other third party, could include, inter alia:

having the right of or exercising the power to appoint or remove a majority of the members of the administrative, management or supervisory body of such legal person or entity;
having appointed solely as a result of the exercise of one's voting rights a majority of the members of the administrative, management or supervisory bodies of a legal person or entity who have held office during the present and previous financial year;
controlling alone, pursuant to an agreement with other shareholders in or members of a legal person or entity, a majority of shareholders' or members' voting rights in that legal person or entity;
having the right to exercise a dominant influence over a legal person or entity, pursuant to an agreement entered into with that legal person or entity, or to a provision in its Memorandum or Articles of Association, where the law governing that legal person or entity permits its being subject to such agreement or provision;
having the power to exercise the right to exercise a dominant influence referred to in point (d), without being the holder of that right;
having the right to use all or part of the assets of a legal person or entity;
managing the business of a legal person or entity on a unified basis, while publishing consolidated accounts;
sharing jointly and severally the financial liabilities of a legal person or entity or guaranteeing them. If any of the above factors is met, then the entity should be considered as being controlled by a designated person and as such is considered itself to be sanctioned. The control criterion should be decided on a case-by-case basis, following a thorough assessment.

Sanctions against designated persons could also extent to family members or non-designated third persons, if, apart of the “control factors” already mentioned, any of the below criteria is met:

the closeness of business and family ties between the listed person and the third person;
the professional independence of the third person now owning the assets;
previous gifts given to the third person and how they compare to the transaction in question;
the frequency/regularity of previous gifts to the third person;
the content of formal agreements between the listed person and the third person;
the nature of the assets (e.g. whether these are shares in a company owned or controlled by the listed person). This means that, although funds and other economic resources are held, owned, belong to or controlled by non-designated persons, they could still be subject to sanctions and as such frozen, if, following an assessment, it is believed that, in reality, they are owned or controlled by the designated person

Circumvention

Firstly, we have to highlight that any circumvention of sanctions or attempt to circumvent the sanctions constitutes a prohibited activity and as such it is a criminal offence under the Sanctions Law.

Always we have to ensure that our policies and procedures include provisions against circumvention of sanctions. The policies and procedures should also provide for the detection of attempts to circumvent sanctions. The term “sanctions circumvention” means the knowing and intentional participation in activities the object of which is to carry out indirectly or through other persons any transactions or actions that would be prohibited by the sanctions if carried out directly by the sanctioned person, thus circumventing / evading the sanctions.

Designated persons may often use a variety of tactics to circumvent sanctions as follows (non-exhaustive list):

Changing names or using aliases
Converting assets to cash and withdrawing the cash from financial institutions
Converting assets into other forms such as real estate, gems, and precious metals
Transferring money to jurisdictions where enforcement of sanctions is unlikely to occur
Transferring funds to non-sanctioned family members
Using intermediaries to conduct financial or other transactions on behalf of the designated person
Creating front companies, nongovernmental organizations, or other entities to hide assets using unofficial financial networks (e.g. hawala, courier services, messengers) rather than formal financial institutions
Using government-controlled entities to transact for or on behalf of designated persons

The Company and the staff should always remain vigilant for new methods/tactics developed or employed with the aim of circumventing the sanctions. This is achieved by taking into consideration various red flags associated with circumvention and through the design and application of appropriate measures including Customer Due Diligence and Enhanced Due Diligence procedures which would allow a better understanding of client activity and behaviour and thus the identification of circumvention attempts. A key element of circumvention involves moving frozen assets and processing transactions without raising alerts. As a result, a number of professionals and business become vulnerable to being used for sanctions circumvention especially the financial sector, the administrative service provision sector, the shipping industry, Non-Profit Organisations (NPOs), import/export and insurance industry.

In order to properly prepare, Company should be aware of common techniques used by designated persons and their enables to evade sanctions. An easy way to prepare is to get familiarised with red flags and typologies issued by national authorities and to put in place the relevant reporting channels.

In order for the Company to be in compliance with the above , monitors the relevant red flags from national and international organisations such as FinCen and National Economic Crime Centre:

https://www.fincen.gov/resources/advisoriesbulletinsfact-sheets

Sanctions in Carbon Credits Context

Given the Company’s business in carbon credits, specific considerations include:

Origin of Credits / Project Developer Risk: The Company must ensure carbon credits are not generated by a project developer or host country entity that is subject to sanctions, or in a jurisdiction under a sectoral sanctions regime (for example, if a country with which the EU prohibits investment in certain sectors is involved).
Transfer and Retirement: When transferring, retiring or brokering carbon credits, ensure that no sanctioned entity is a beneficial owner, controller or has effective veto/control over the credits.
Financial Flows: Payments related to carbon credit transactions (issuance fees, purchase payments, broker commissions) must not flow to or through sanctioned persons/entities.
Registry Access and Ownership Transparency: The Company must maintain transparency of beneficial ownership and control for counterparties, particularly where credits are held in registries (ensuring a sanctioned person does not gain indirect access).
Secondary Trading / Indirect Exposure: The Company must monitor counterparty chains for downstream links to sanctioned persons/entities (e.g., broker-dealer networks, sub-brokers, intermediaries in other jurisdictions).
Avoidance of Evasion: The Company must be particularly vigilant for red flags of sanctions evasion in the carbon market context: use of shell vehicles, rapid transfers, jurisdictional layering, unknown beneficial owners, or high-risk geographies (projects in jurisdictions under sanctions or weak AML/CTF/ sanctions regimes).

RISK – BASED APPROACH (RBA)

THEMIS CARBON CY LTD applies appropriate measures and procedures by adopting a risk-based approach, so as to focus its effort in those areas whereas the risk of sanctions, ML and TF ,PF ( proliferation financing) appears to be comparatively higher. The application of a risk-based approach is fundamental to comply with the AML Law, the EU Directive and the FATF recommendations. It forms the foundation of any company’s Sanctions AML policies, controls and procedures and more importantly its Client Due Diligence and employees’ training procedures. Therefore, it is of paramount importance for a holistic and dynamic risk-based approach to be used.

In particular, a risk-based approach allows the firm to exercise reasonable business and professional judgment with respect to clients as regards managing potential sanctions, ML and TF ,PF risks. It allows the Company to target resources and effort where the risk is higher and, conversely, reduce requirements where the risk is low. It also identifies the Sanctions, ML & TF risks posed by each client and provides for a unique assessment of every client relationship, allowing the Company to tailor its actions in proportion to its risk appetite. It also allows the Company to more efficiently and effectively adjust and adapt as new ML & TF,PF methods are identified. It is highlighted that the risk appetite of the Company may vary in accordance with the objectives of the Senior Management, and this should be reflected in the Client Acceptance Policy of the Company. The client acceptance policy of the Company is included in the respected AML Manual of THEMIS CARBON CY LTD.

Company adopted appropriate to its business, policies and procedures and ensure their implementation across the organisation. Company always ensures that policies and procedures are well understood by all relevant personnel. The RBA consist of identifying the risks, evaluating and assessing the risks, implementing appropriate mitigating measures and monitoring the implementation and adequacy of the measures.

The Risk-Based Approach does not exempt low Sanctions, AML risk clients from the application of Client Due Diligence, nonetheless, the appropriate level of Client Due Diligence is likely to be less onerous than compared for higher Sanctions and AML risk clients.

The risk-based approach adopted:

Recognise that the ML , Sanctions and TF,PF threat varies across clients, countries, services, counter parties including project developers, brokers, investors and intermediaries identifying and assessing the risks emanating from particular clients, services and geographical areas of operation of the Company and its clients and services delivery channels and also for projects in which carbon credits are originated or traded. In particular, it shall incorporate the weight given to each factor so as to calculate the total risk and determine the risk category of the client.
Allow the MLRO and the Board of Directors to differentiate between clients in a way that matches the risk of their particular business.
Help to produce a more cost-effective system.
Promote the prioritisation of effort and actions of the Company and its employees in response to the likelihood of money laundering, terrorist financing and Sanction Evasion. It allows the companies to apply their own approach in the formulation of policies, procedures and controls, in response to the Company’s particular circumstances and characteristics.
Ongoing monitoring and improvements in the effective operation of the policies, procedures, measures and controls applied by the Company. In addition, the risk-based approach involves specific measures and procedures in assessing the most cost effective and proportionate way to manage the money laundering and terrorist financing risks faced by the firm. Such measures and procedures are:

Identifying the Risks: All risk factors considered when identifying the risk posed by the client and the risk the Company is exposed to are analyzed below. Regarding the Company wide risk assessment, the Company takes into account all the relevant factors relating to the products and services offered, geographical areas of the Company’s business activities, Customer Due Diligence (CDD) procedures and measures employed, periodic reviews/ updates of CDD measures, distribution channels, robustness of screening processes employed, client base and client risk profiles are analyzed below and in the AML Manuals in the relevant Chapters. Regarding the client risk assessment, the Company considers the characteristics of the client, geographical areas, products and services and delivery channels.
Assessing the risks: The Company incorporated the weight given to each factor to calculate the risk and determine the risk category of the client.
Managing and mitigating the assessed risks by the application of appropriate and effective measures, procedures and controls. e.g., escalating approval, more frequent on-going monitoring, automated systems, independent audit, as well as measures for other risk situations, e.g., on-going monitoring, specialized training etc.
Monitoring on an ongoing basis the effective operation of the policies, procedures and controls: The Company should always proceed with a regular and/or periodic and change-trigger event reviews of the measures and procedures applied to mitigate the risks.
Sanctions Compliance Program
Company’s sanctions compliance program is developed and implemented by the Company. The sanctions compliance program is appropriate, adequate, proportionate to our nature and size and effective in order to manage and mitigate the sanctions risks faced by the Company.
Company’s sanctions compliance program include, as a minimum, the following:

The establishment of a sanctions risk assessment
The development of policies, procedures, systems, and controls
Screening processes
Reporting matches and breaches of the sanctions’ regime
Training and awareness
Record keeping

SANCTION RISK ASSESSMENT

Our risk assessment considers all the sanctions related risks that THEMIS CARBON CY LTD may face, identify emerging risks and establish and apply risk mitigating measures commensurate to the risks. The sanctions risk assessment constitute a two-tier process, considering both the sanctions risk profile of the Company and the sanctions risk profile of Company’s clients. The Company adopts a holistic and dynamic approach towards the risk factors considered in the sanctions risk assessment.

The risk assessment demonstrated through the Risk Scoring Matrix established by the Company. The risk levels are LOW, MEDIUM AND HIGH. The table uses simple majority system (1,2,3) respectively. More specifically, when specific weights are being assigned to each risk factor, the following shall be ensured by the Company:

weighting is not disproportionately influenced by just one factor.
economic or profit considerations do not influence the risk rating.
weighting does not lead to a situation where it is impossible for any business relationship to be classified as high risk.
the provisions of the EU Directive or national legislation regarding situations that always present a high -ML risk cannot be over-ruled by the Company’s weighting.
it is able to over-ride any automatically generated risk scores where necessary - it is important for the approach adopted to incorporate a provision for raising the risk rating from low or normal to high if any information comes to light in conducting the client due diligence that causes concern or suspicion. The rationale for the decision to over-ride such scores should be documented appropriately.

During the risk assessment methodology and having identified the risks which are or might be faced by the Company, the second step involves the assessment of the probability (likelihood of occurrence) of each identified risk, as shown in the following table:

Probability (Likelihood of Occurrence)
Descriptor
Very likely
Likely
Very unlikely

Finally, taking into consideration the probability of an identified risk occurring and the potential impact on the Company’s business, the net risk profile (after mitigation measures) of the Company for each identified risk will be determined using the classification as shown in the table below:

Risk Profile
High
Serious
Medium
Manageable
Low
Acceptable

Sanctions risk profile of the Company

As regards the sanctions risk profile, the Company through the sanctions risk assessment, is be able to understand which parts of their business may be more prone to, or carry a greater likelihood of breaching sanctions related obligations. The Company considers how it would most likely be breaching the sanctions requirements. In assessing the sanctions risk profile of the Company (Company-wide risk assessment), factors to consider include, the following:

Products and services offered
Geographical areas of its business activities
Customer Due Diligence (CDD) procedures and measures employed
Periodic reviews/ updates of CDD measures
Distribution channels
Robustness of screening processes employed
Client base
Client risk profiles

In assessing the sanctions risk profile of its clients (client risk assessment), factors to consider include, as a minimum, the following:

Client activities
Geographical areas of operation or links to geographical areas of operation
Services used
Distribution channels
Complexity and volume of transactions – transaction types ((issuance, trading, retirement) and credit flows
counterparties including project developers, brokers, investors and intermediaries
potential for sanctions evasion or circumvention (e.g., use of shell entities, offshore jurisdictions).

Factors to consider in assessing Company’s sanctions risk includes:

Low
Medium
High
Client base
Domestic, stable, clear corporate structure, well- known client base
Mostly domestic, overseas clients stable with clear corporate
structure
High percentage of overseas based clients, high-risk jurisdictions
Client risk profiles
Few high-risk clients
Moderate level of high-risk clients
Large number of high-risk clients
Product mix
Mainly domestic transactions, limited international transactions
Moderate level of international transactions
High volume of international transactions
Overseas operations
No overseas branches
Limited overseas branches, mostly in jurisdictions with
equivalent AML regime
Large global presence, proximity to sanctioned countries
History of
sanctions violations
No history of any sanctions
violations
Few sanctions violations, mitigating action has been taken
Multiple recent violations, mitigating action has not been taken yet
Robustness of screening process
Fully automated with “fuzzy matching” function, done at regular intervals
Semi-automated, not in line with the risk profile of the client base
No screening or manual screening disproportionate to the size and nature of the firm
Robustness of Sanctions Compliance Program
Well established program that includes policies, procedures, systems and controls that are adequate and consistent with the Company’s risk profile.
Program includes most of the policies, procedures, systems and controls but some weaknesses exist.
No program or inappropriate program with policies, procedures, systems and controls significantly deficient.

SANCTION RISK MANAGEMENT

The Company should also consider completing an annual Sanctions Risk Assessment as an integral component of their Sanctions Risk Management Control framework. The Sanctions Risk assessment should review the Company’s approach to Sanctions risk under a number of key headings including (inter alia):

the Company’s ability to react to sanctions legislation
the sanctions risks that may be presented by the Company’s customers and associated parties (such as directors and beneficial owners), transactions, services, products and jurisdictions
systems and key person dependence
training

The Sanctions risk assessment should:

Identify the key inherent sanctions risks facing the Company
Outline the key control measures in place to mitigate against these inherent risks
Outline any residual risks remaining
Define the required actions to address any gaps identified If we know our customer, it is easier to respond to queries relating to their transactions and/or business.

The Company completes the Customer On boarding and Ongoing Due Diligence review process conscientiously to ensure it knows its customers and their business particularly if the customers deal with higher risk countries, goods or activities.

The Company should produce regular compliance monitoring to ensure that it effectively manages the sanctions risks and keeps relevant records for internal and external audit purposes.

Updates & Review

The Risk Assessment Policy of the Company shall be reviewed and updated periodically, or when the need arises so that to ensure that:

it remains current and up to date.
any deficiencies in its effectiveness will be identified and rectified.

The MLRO is responsible for performing the required updates. In order to ensure that the Risk Assessment Policy remains up to date, the following sources of information (a non-exhaustive list) shall be taken into consideration:

Directives of EU and UN in relation to Sanctions and restrictive measures
Primary and Secondary legislation in relation to Sanctions
the European Commission’s supranational risk assessment.
information from government, such as the government’s national risk assessments, policy statements and alerts, and explanatory memorandums to relevant legislation.
information from regulators, such as guidance and the reasoning set out in regulatory fines.
information from Financial Intelligence Units (FIUs) and law enforcement agencies, such as threat reports, alerts and typologies.
other reports issued from international reputable organizations, as the following:

FATF, http://www.fatf-gafi.org/
Moneyval, https://www.coe.int/en/web/moneyval
Egmont, https://egmontCompany.org/en
Basel Committee, https://www.bis.org/bcbs/
IMF, https://www.imf.org/external/index.htm
Transparency International, https://www.transparency.org/en/
information obtained as part of the initial customer due diligence process.

Other sources of information that the MLRO may consider in this context may include, among others:

the Company’s own knowledge and professional expertise.
information from industry bodies, such as typologies and emerging risks.
information from civil society, such as corruption indices and country reports.
information from international standard-setting bodies such as mutual evaluation reports or legally non-binding blacklists.
information from credible and reliable open sources, such as reports in reputable newspapers.
information from credible and reliable commercial organizations.

CUSTOMER DUE DILIGENCE PROCEDURES

Sanctions compliance does not operate in isolation. Rather, it is one element, along with AML, CFT and CPF, of the Company’s financial crime compliance framework. As such, sanctions due diligence closely aligns with the due diligence undertaken for AML/CFT purposes and it is performed concurrently. As a result , all the relevant provisions, procedures and policies of the AML manuals in relation to KYC measures and CDD procedures applied by the Company both for natural and legal persons and all the organizations, the different risk categories of clients and all the applicable CDD measures (EDD & SDD) measures and Appendixes are applicable.

Specifically all the relevant provisions which are included in the AML Manuals and all the relevant Appendixes including but not limited to the following are applicable:

Customer Acceptance policy
KYC measures and CDD procedures applied by the Company both for natural and legal persons.
Differentiation between the different risk categories of clients, mentioning the breadth and extent of those measures (minimum procedures for SDD and EDD)
Data collection and documents that are to be obtained by the Company for each risk category should also be stated
the data and documents to be collected for the natural, legal persons, trusts and foundations
All the relevant KYC forms and checklists
the procedures to be followed for determining the ownership and control structure of the client, the purpose and nature of the business relationship and the measures and steps to be taken to determine the economic profile of the client, that would help the Company identify any circumvention attempts.
the supporting documentation that must be collected to corroborate the SoF/ SoW of the client, taking into consideration the risk category of the client
the timing the KYC/CDD measures and procedures should be performed.
on-going monitoring procedures and update of records.
The method of on-going monitoring, timing of update of records, type of records to be updated, regular/ periodic updates and change-trigger events

TRANSACTION SCREENING

Transaction screening refers to the process of screening a movement of value within the Company’s records, including funds, goods or assets, between parties or accounts to identify possible sanction targets.

Transaction screening is performed on a real-time basis, i.e., before the transaction is executed. Focus should be primarily on cross-border transactions which carry a higher risk as opposed to domestic transactions that are subject to the same jurisdictional regulatory requirements. In determining which transactions to screen, factors to consider include the following:

The materiality of the transaction
The nature of the client’s business
The characteristics of the transaction (e.g., cross-border transactions, currency used, the routing of the transaction)
Availability of adequate information to ascertain whether it is a potential match

Sanctions Risk Red Flags in Carbon Credit Transactions

Examples of red flags that may indicate sanctions risk or evasion in a carbon-credits context:

Counterparty, beneficial owner or controller is on or linked to a sanctions list or in a high-risk jurisdiction (e.g., subject to broad-based sanctions).
Project developer or host country is under sanctions, subject to sectoral restrictions or known for weak governance/AML controls.
Transaction involves unusual payment routing, intermediary jurisdictions, or shell companies with opaque ownership.
Rapid or unexpected transfers of credits, frequent transfers between unrelated counterparties, or transfers outside normal market channels.
Credits or project funding involving jurisdictions known for sanctions evasion, money laundering, or financial secrecy.
Lack of transparency around beneficial ownership, project structure, intermediary firms or financing arrangements.
Use of dual-use technologies, goods or services in the project that may fall within export controls linked to sanctions regimes.

Transaction Approval & Monitoring

Prior to execution of any transaction (e.g., issuance, trading, retirement of carbon credits), ensure sanctions screening is repeated if more than 6months have passed since initial screening.
For each transaction:

identify all parties involved (seller, buyer, broker, intermediary, ultimate beneficial owner) and repeat sanctions screening.
check whether any aspect of the transaction could involve sanctioned goods, services, technology, funds, or beneficiary.
evaluate whether the transaction requires additional scrutiny (e.g., high value, unusual payment path, high-risk jurisdiction).

Flag and escalate any matches or suspicion of sanctions evasion to the SCO immediately.
Maintain a transaction log of sanction-screening results, decisions, any required approvals, and follow-up.

Resources

Firms should ensure that they have adequate and appropriate financial, human and technical resources to manage the sanctions requirements.

Reporting matches and Internal Reporting Procedure

Positive matches identified following a screening process must be properly investigated to confirm that they are true matches involving a designated person rather than “false positives”.

Positive matches must be immediately reported to the MLRO, who is responsible for investigating and assessing whether a positive match is a true match. A clear, internal reporting procedure is established, enabling employees to report and disclose information relating to a positive match without delay. The established procedures should be communicated to all relevant employees of the Company.

The existence of a true match on client base in connection to sanctions Knowledge or suspicion of sanctions and breaches and/or assistance of violation of sanctions, all the names of persons, irrespective of whether they hold funds or economic assets in their name, who are themselves or are connected with designated persons must be reported immediately to the MLRO ( Mrs. Andrea Metziti with email address a.metziti@thecarbonfoundation.co).

For more information regarding identification of true matches, please find the process below:

Step 1: Is the “match” against a sanctions list or is it a “match” for any other reason, e.g., PEP, adverse media etc.?

If the “match” is against a sanctions list, proceed to step 2 below. If the “match” is for any other reason, you do not have a “match”.

Step 2: Evaluate the quality of the match. Compare the name of the person concerned with the name on the sanctions list. Is the name in your firm’s possession a natural person while the name on the sanctions list concerns a legal person, vessel (or vice-versa)?

If yes, you do not have a true match. If no, proceed to step 3 below.

Step 3: How much of the listed entry’s name is matching against the name you have, e.g., just the last name?

If yes, you do not have a true match. If no, proceed to step 4 below.

Step 4: Compare the complete sanctions list entry with all the information you have on the matching name. An entry will often have a full name, address, nationality, passport, tax ID, place of birth, date of birth, former names, and aliases. Are you missing a lot of this information for the name?

If yes, your due diligence process is lucking. Go back and get more information and then compare your complete information against the entry. If no, proceed to step 5 below.

Step 5: Are there several similarities or exact matches?

If yes, you have a true match. Reporting and freezing procedures apply immediately. If no, you do not have a true match.

If, following proper investigation using all sources available, the Company cannot determine whether the client is in fact a designated person/ entity, the Company should seek legal advice.

The MLRO or any member of the staff has any question in relation to sanctions and their application should obtain a legal advice from the internal legal advisor or an independent legal advisor. “False positives” should be properly documented and kept as per our procedures which are analyzed below ( 5 years + the rule for additional 5 years). Company should maintain a written record containing all steps and actions taken, providing all information/ documentation and rationale to support the conclusion that the positive match is a “false positive” rather than a true match. Firms should be able, when requested, to justify to the supervisory authority the appropriateness, adequacy and breadth of the actions taken to identify a positive match as a “false positive”.

True matches and reporting obligations

When a possible match is identified as a true match, following investigation and assessment, the Company must take appropriate action in order to fully comply with the sanctions requirements. In cases where a business relationship has not yet been established, the Company must refrain from entering a business relationship and reporting procedures should immediately apply.

In cases of an existing client, Company must take appropriate measures to immediately freeze all the funds, financial assets and economic resources of the designated person the Company has in its possession and/or refrain from executing any transaction or providing any service.

Depending on the funds and economic resources that are subject to freezing, the Company must take all necessary steps in order to prevent the implementation of transactions that will be in breach of financial sanctions. The notion of holding and controlling of funds and economic resources comprises all situations where:

A designated person or entity, without having a title of ownership
Is able lawfully to dispose of or transfer funds or economic resources
Without any need for prior approval by the legal owner

The following situations are considered as holding or controlling funds or economic resources (the list is indicative and not exhaustive):

The designated person has banknotes or debt certificates issued to bearer,
Has movable goods on his premises which he owns jointly with a non-designated person,
Has received full or similar powers to represent the owner, allowing him to order the transfer of funds he does not own (e.g., power of attorney (PoA) for the purpose of managing a specific bank account or general PoA),
Is a parent or guardian administering a bank account of a minor in accordance with the applicable law.

Making funds available to a designated person or entity Includes activities such as (the list is indicative and not exhaustive):

Payment for goods and services
Donations
Funds returned previously held under a contractual arrangement

Making economic resources available to a designated person or entity Includes activities such as (the list is indicative and not exhaustive):

Gift
Sale
Barter
Returning economic resources held or controlled by a third party to a designated owner

Nevertheless the Company should always proceed to all the relevant measures include identification of such assets, funds and economic resources, cessation of transactions or facilitation of business, freezing or termination of services.

Exemptions – Obtaining a license

Firms that wish to engage in activities which fall within the exemptions provided for in the relevant UNSCRs and/or Decisions/Regulations of the EU Council, should obtain the required licenses by the competent authorities. Regulations that call for asset freezing, may also contain provisions for derogations and exemptions to enable the release of frozen funds to designated persons for specific reasons such as:

Specific needs: this is to satisfy the basic needs of a designated person and dependent family members, including for example payments for food, rent, mortgage, medical treatment, legal expenses, extraordinary expenses, to ensure the routine holding or maintenance of frozen funds; or to be used for specific official purposes.
Humanitarian aid: i.e., if the release is necessary for the purpose of providing humanitarian aid.
Decisions: if the release is prescribed pursuant to certain types of arbitral, judicial or administrative decisions. Prior contracts: if a payment is due under a contract or agreement concluded or where an obligation arose before the date on which the designated person was listed.

If such derogations are provided, they are subject to the granting of authorization by the competent authority of the Member State and only after obtaining such authorization, may a release of frozen funds take place.

In Cyprus, the competent authority for authorizing the release of frozen funds that fall within the derogations prescribed by the relevant Regulation is the Advisory Body on Economic Sanctions (ΣΕΟΚ) under the auspices of the Ministry of Finance.

How to obtain a license

The Advisory Body on Economic Sanctions (SEOK) has been established in the Republic of Cyprus for the approval of the provision of services to sanctioned entities / customers, in line with the derogations set out in Article 4 of the COUNCIL REGULATION (EU) No. 269/2014.

The procedure to submit such a license/exception form to SEOK is to complete and submit to the Ministry of Finance at the following e-mail address - seok@mof.gov.cy – the application form which is available at the following link:

https://mof.gov.cy/en/press-office/announcements/1093/?ctype=ar

Additionally, the Sanctions Unit assesses requests for approvals / exceptions that are derived from the Resolutions of the SC / UN and the Regulations of the European Union, and are related with financial matters. Such requests are being forwarded to sanctionsunit@mof.gov.cy by utilizing the form which is available via http://mof.gov.cy/assets/modules/wnp/articles/201607/10/docs/aitisi.docx (including all the supporting documentation)

“Tipping off”

There is no “tipping off” offence in relation to sanctions and/or restrictive measures, since the information related to sanctioned persons and/or entities, constitutes public information.

Does a Suspicious Transaction Report (STR) have to be filed?

The identification of a designated person alone and/or holding funds and other financial assets in the name of a designated person, does not in itself constitute grounds for filing STR with the FIU.

Nonetheless, should a reasonable suspicion of a crime arise or there is a true match concerning terrorism related sanctions, firms should also submit a STR in compliance with their requirements under the AML/CFT Law (The relevant reporting procedures for STR internally and externally are duly documented in the AML Manuals).

RECORD KEEPING

The Company should keep all information and data related to sanctions for a period of five (5) years, following the end of the business relationship or after the date an occasional transaction was completed, allowing for the production of an audit trail of the actions taken in relation to sanctions.

Information to keep, as a minimum, include:

All the relevant information as per the AML Directives
Internal evaluation forms
Internal reports with all the relevant documents and information
The information or grounds which triggered the match (i.e., the positive match of the screening process)
Any further checks, actions or enquiries taken
The applicable sanctions regime
The person(s) involved, including any members of the Compliance Department or Senior Management who concluded that the positive match represented a false positive
The nature of the relationship with the person or entity involved, including attempted or refused transactions
Action taken following the classification of the match as a “true match” and
sanctions screening, false positives and true matches records.

In cases where it is reasonably justified, firms should retain records and information for five additional years, bringing the total retention period to a maximum of ten years after the end of a business relationship with a client or after the date an occasional transaction was completed.

“Reasonable justification” refers to the prevention, detection and investigation of Money Laundering and Terrorist Financing in relation to ongoing criminal proceedings or suspicions. Firms should establish processes for the retrieval of records and information retained, which must be accessed timely and without delays. The Electronic KYC Client Files maintained by the Onboarding Team in the designated AML Record Areas are destroyed after written approval is obtained by the Board of Directors. It is highlighted that the destruction of the documents and files should be in accordance with the retention policy of the firm as described above and in the AML Manuals.

TRAINING & AWARENESS

The Company ensures that has adequate and appropriate financial, human and technical resources to manage the sanctions requirements. Employees are regularly given adequate training, aimed at helping them understand and enforce the sanctions policy.

The introduction and implementation of restrictive measures must always be in accordance with international law, Cyprus, and EU Legislations and all the relevant Directives.

Sanctions imposed individually by third countries are not enforceable in the EU, but we take such measures into account, in the context of the relevant risk assessment and take proportionate action, including refraining from engaging with affected persons. Company has personnel training programs that correspond to their operations and risk profiles.

Objectives of the sanctions training program are the following:

Ensure that all employees understand their obligations and responsibilities, including key actions to be taken in the event of a reportable sanctions match;
Raise awareness amongst employees of sanctions risk and internal policies, standards and controls;
Help the employees avoid taking any actions that might expose the institution and/or themselves to criminal or civil liability and other negative consequences;
Enable staff to explain the impact of sanctions to the Company’s customers, as required.
Include specific modules addressing sanctions risks in the carbon credit market: beneficial ownership layers, project developer risks, jurisdictional risks, fund flows.
Periodically test awareness (e.g., via scenario-based assessments or refreshers) and keep training records.

All Company employees are responsible for the success of this policy and are invited to suggest ways it might be improved.

The Company ensures that the senior management or Board of Directors of the firm maintain a thorough understanding of and are adequately educated on sanctions and sanctions related matters. The responsibility of the designing and implementation of the Company’s training program lies with the MLRO. The MLRO is also required to assess and evaluate the adequacy of the training program, inform the senior management in cases that weaknesses are identified and take all necessary measures to rectify such weaknesses and adjust the training program to the specific needs and characteristics of the personnel.

The Company ensures that all the members of staff are aware of and familiarised with the policies and procedures referred for the Anti Money Laundering and Sanction avoidance, as well as the relevant provisions of the Persona Data Law. It is mandatory for the Company always to ensure that all staff members have read the AML manuals and Sanction’s policy of the Company and confirm that they understand its content. The Company also ensures that all staff members are always updated with the most recent developments and are provided ongoing training, enabling them to recognise and handle transactions and activities which may be related to Sanctions, Money Laundering and Terrorist Financing.

For this reason any updated version of the Manuals is distributed to the staff and the HR department received confirmation from the staff that read the relevant AML and Sanctions Policy. Also the MLRO informs staff for the amendments of the legislation and the internal policies of the Company as well as the establishment of new Sanctions

EDUCATION & TRAINING PROGRAM

The Company ensures that its employees are fully aware of their legal obligations according to the Law, by introducing a complete employee’s education and training program. The frequency of trainings should be determined taking into consideration key factors like changes in the legislation, regulation, professional guidance, the business’ risk profile, procedures, service lines. So, the MLRO may decide to organize and prepares additional seminars from these which are described in the training program.

The Company devotes much time and resources to the ongoing training and education of its employees in the recognition and handling of transactions and activities which may be related to Sanctions, ML & TF. The employees are trained by the MLRO (at least on an annual basis, or more frequently where needed), or with external organisations and specialists. When preparing the AML and Sanction training plan, the MLRO’s main purpose it to create an AML and Sanction compliance culture within the Company, paying special attention to the risk-based approach.

The HR department of the Company maintains a log of all trainings performed and a detailed list of all participants.

The timing, content and methods of training for the various levels/types of staff should be tailored to meet the needs of the Company. Training provided by the MLRO can take many forms and may include:

Face-to-face training seminars.
Completion of online training sessions – attendance at Sanctions AML/CFT conferences and participation in dedicated Sanctions AML/CFT forums.
Practice Company meetings for discussion of Sanctions AML/CFT issues and risk factors; emails, guidance notes, newsletters and publications on current AML/CFT and Sanctions issues.

The education and training program of the Company should always confirm that:

all employees are aware of the background on which the Law is enacted and their responsibilities and personal statutory obligations.
all employees are aware of the fact that they may be personally liable for failing to report information in accordance with the Company’s internal procedures.
all employees are trained to recognize red flags and encouraged to alert the MLRO of any knowledge or suspicion of transactions or activities involving money laundering or terrorist financing and Sanctions
all employees are fully aware of their responsibilities for identification and reporting of suspicious transactions.
all employees are aware and trained in relation to the Client Due Diligence (CDD) and Know Your Client (KYC and Sanctions) in relation to monitoring the business relationship, as well as the specific transactions of the client. It must be emphasized not to hesitate enquiring with clients and corroborate on transactions ensuring that enough information is gathered about the type of business activities expected in relation to that client at the outset, so as to know what might constitute suspicious activity at a future date.
all employees are trained to be cautious and identify any change in the pattern of a client’s transactions or circumstances that might relate to Money Laundering and/or Terrorist Financing and Sanctions.

Additional Considerations for Carbon-Credit Business

Ensure that project developers, issuers or registries used by the Company are not based in or affiliated with sanctioned jurisdictions or entities.
Implement contractual clauses in counter party documentation requiring representation and warranties that no sanctions breach exists, and right to exit/terminate if a breach occurs.
Consider obtaining enhanced legal advice for transactions involving jurisdictions with heightened sanctions risk, layered ownership or cross-border flows of funds or credits.
Maintain awareness of emerging sanctions regimes (e.g., thematic sanctions for human rights, cyber-attacks or corruption) which may impact counter parties or projects even if the country is not fully sanctioned.

Additional Considerations for Carbon-Credit Business

Ensure that project developers, issuers or registries used by the Company are not based in or affiliated with sanctioned jurisdictions or entities.
Implement contractual clauses in counterparty documentation requiring representation and warranties that no sanctions breach exists, and right to exit/terminate if a breach occurs.
Consider obtaining enhanced legal advice for transactions involving jurisdictions with heightened sanctions risk, layered ownership or cross-border flows of funds or credits.
Maintain awareness of emerging sanctions regimes (e.g., thematic sanctions for human rights, cyber-attacks or corruption) which may impact counterparties or projects even if the country is not fully sanctioned.

Sanctions Policy

OFFICES

MENU

POLICIES