KYC Policy

Please read this KYC Policy carefully before using the Services. It includes our KYC Policy.

POLICY ON ANTI MONEY LAUNDERING, COMBATING THE FINANCING OF TERRORISM AND KNOW YOUR CUSTOMER

(KYC/CTF/AML POLICY) 

This AML (Anti Money Laundering), CTF (Combating the Financing Terrorism) and KYC (Know Your Customer) Policy is an integral part of the BİTAVİTA User Agreement and should be evaluated and considered together with the Agreement. 

1. PURPOSE

BİTA Teknoloji Anonim Şirketi (“BİTAVİTA”) has prepared this Anti-Money Laundering / Combating the Financing of Terrorism and Know-Your-Customer Policy (“Corporate Policy”) to ensure the execution of its activities in accordance with the Law No. 5549 on Anti-Money Laundering, Law No. 6415 on the Combating the Financing of Terrorism, and other applicable legislation, and the standards accepted by international authorities, especially FATF (The Financial Action Task Force); to know and identify the customer, to comply with the liabilities regarding the prevention of money laundering and the financing of terrorism; to evaluate the customers, transactions and services with a risk-based approach, and to determine the main methods to be based on in the management of the compliance risk, and the strategies, controls and measures, operating rules and responsibilities for reducing the risks that may be exposed, to raise awareness of and inform our company's employees and customers accordingly.

2. FIELD OF APPLICATION, ENFORCEMENT AND RESPONSIBILITY

The Corporate Policy forms the basis of all rules, practices and initiatives related to policy, procedure, guideline and control criteria and risk management in order to ensure compliance with obligations regarding the prevention of money laundering and financing of terrorism.

While preparing the Corporate Policy, the size of the business, business volume and the nature of the transactions carried out were also considered, and the issues determined within the scope of the national risk assessment were also taken into account.

The CEO is ultimately responsible for the efficient and effective execution of the entire Corporate Policy in accordance with the scope and nature of the activities of BİTAVİTA. Measures and practices created in line with the risk-oriented approach under the Corporate Policy are reviewed at least once a year and necessary updates are made.

A Compliance Unit is established within the Company in order to coordinate the execution and conduct of the Corporate Policy and to ensure compliance with the Laws and the obligations introduced by the legislation enacted on the basis of Laws, and a Legal Representative, who is equipped with the necessary authority, is appointed as the manager of the said unit (See: 6. Organization, Duties and Responsibilities of Compliance Unit).

3. RISK MANAGEMENT

 “Risk” is defined as the possibility of using the services provided by BİTAVİTA for the purpose of money laundering or financing of terrorism, failure to fully comply with the obligations pursuant to Law No 5549 and the relevant regulations or the financial or fiduciary loss which BİTAVİTA or its employees may be exposed to.

BİTAVİTA develops risk identification, rating, classification and evaluation methods based on customer risk, transaction risk, service risk and country risk in order to manage the said risks; and assigns points to services, transactions and customers according to their risks, rates and classifies them.

Within the scope of risk management; necessary measures are taken to reduce the risks that may be exposed, and additional measures to be applied to risky customers, transactions and services are determined. In addition, necessary rule sets are created for monitoring and controlling risky customers, transactions and services, and appropriate operation and control rules are developed to carry out and, if necessary, audit them with the approval of the higher authority.

The consistency and effectiveness of risk identification and assessment methods and risk rating and classification methods are examined retrospectively through case studies or actual transactions, and the said methods are re-evaluated and updated according to the conclusions and developing conditions. The said evaluations and updates are made at least once a year and more frequently as needed, taking into account the degree of risk and considering the density of suspicious situations arising from the transactions that are subject to examination.

Risk monitoring and evaluation results are reported to the Company's Board of Directors once a year.

3.1. Risk Classification

The risk perception within the scope of the Corporate Policy is determined by considering the size of the business, the business volume and the nature of the transactions performed, and is updated with a proactive methodology based on a risk-oriented approach. In this context, the elements that make up our risk perception are grouped under four headings:

Customer Risk means the risk of abuse of BİTAVİTA due to the fact that the customer or those acting on behalf or on account of the customer act for the purpose of money laundering or financing of terrorism,

Transaction Risk means allowing abuse for the purpose of money laundering or financing of terrorism when the frequency, amount and motivation of the transaction are considered,

Service Risk means the risks that may be exposed within the scope of crypto-asset transfer service, the types of crypto assets known to be more commonly used in transactions related to crimes, new products and promotional campaigns to be offered using emerging technologies,

Country Risk means the risk that the Company may be exposed to due to business relations and transactions with the citizens of the countries announced by the Ministry that do not have adequate regulations on the prevention of money laundering and financing of terrorism, do not cooperate sufficiently in the combat against these crimes or are declared risky by competent international organizations.

 The risk classification model we are using will be reviewed at regular intervals.

3.2. Risk Rating

As a result of the risk assessment studies carried out by our company; it is grouped under 3 headings according to customer, transaction, services and country risk levels:

Our company reviews the risk rating model it uses once a year.

3.2.1. Risk ratings and measures to be taken accordingly

Our company subjects its customers to a risk rating based on the age and nationality information obtained from the customer during the know-your-customer and identification processes, the quality and quantity of the transactions performed by the customers, the services they use, and the countries where the transaction is made. Risk factors are determined in rule sets according to customer, transaction, services and country risk levels. When determining risk factors, it considers the volume, timing and frequency of Turkish lira and crypto asset transactions, as well as age, nationality and membership level. Each customer is assigned a risk score for each risk factor. The total numerical value obtained by summing the scores assigned to a customer for each risk factor is defined as the “Customer Risk Rating”. In this way, customers are divided into three categories: (i) High Risk, (ii) Standard Risk and (iii) Low Risk.

In addition to the risk levels, as a result of BİTAVİTA's risk-based approach, crypto asset withdrawal-deposit transactions and Turkish Lira withdrawal-deposit transactions were separated and membership levels were determined according to the daily and monthly transaction volumes of the customers. Identity documents, which are the basis for advanced membership applications, are also evaluated in order to determine their authenticity. Advanced memberships of customers with high country risk are not approved.

 

3.2.1.1. Measures to be applied to high-risk groups

The company applies additional measures and controls to customers identified as high risk as a result of risk profile assessments made according to customer risk classification criteria. In this context, for the transactions above certain limits, approval from the Legal Representative is also required before the relevant transaction is carried out. As the level of risk increases, the customer is subjected to more stringent measures in terms of recognition and identification of the customer, and his/her transactions are examined more deeply. In this context; following additional measures are applied to high-risk customers, consistent with their risk ratio.

3.2.1.2. Measures to be applied to low-risk groups 

Simplified measures stipulated in the legislation will be applied in the identification and confirmation of customers who are determined as low risk as a result of risk profile assessments made according to customer risk classification criteria, and updates regarding identity information, documents and related records will be made every three years.

3.2.1.3. . Measures to be applied to standard risk groups

Simplified measures stipulated in the legislation will be applied to customers who are not considered to be in the high or low risk group and are considered to be standard risk as a result of the risk management and assessment studies, and updates regarding their identity information, documents and related records will be made every two years.

3.3. Risk Management within the Scope of Customer Acceptance 

As a basic principle, the company does not provide services to persons who have not passed the stages of customer recognition.

In addition to the measures to be applied in customer acceptance, persons that BİTAVİTA will not accept as customers within the framework of risk-oriented approach are also determined by this Policy (See: 3.3.1. Customers with whom a continuous business (service) relationship will not be established, rejection of the transaction and termination of the business relationship). Our company evaluates the persons it will accept as customers in terms of money laundering and financing of terrorism risks. For customers determined to be at a higher risk level as a result of these assessments, tightened measures are applied in the processes related to customer acceptance and monitoring of transactions.

3.3.1. Customers with whom a continuous business (service) relationship will not be established, rejection of the transaction and termination of the business relationship

The Company does not open accounts to persons who refuse to submit information and documents required to be submitted in accordance with legal regulations. On the other hand, refraining from submitting the information and documents required by BİTAVİTA in accordance with the account opening processes also constitutes a reasonable justification for rejecting the requests to open an account or make transactions for existing customers.

The customers' refraining from providing the information and documents required to be submitted in accordance with the legal regulations constitutes a reasonable and sufficient justification for the rejection of the customer's account opening request. In addition, the company does not fulfill the requested transaction in case it cannot obtain sufficient information about the purpose of the business relationship or the transaction to be performed in accordance with the current legal regulations and if the customer refrains from meeting the information requests in this direction.

The Company's Legal Representative may, at his discretion, request the closure of an open account or the rejection of the request for opening a new account, when deemed necessary due to risks related to money laundering and financing of terrorism.

3.3.2. Risk management within the scope of knowing the customer 

While establishing the know-your-customer processes within the scope of the Corporate Policy, both national and international legislation are taken into account. These norms in national and international legislation basically indicate that a risk-oriented approach should be taken as a basis in the customer recognition process. In the national legislation, the legal obligations in the Law No. 5549 on the Anti-Money Laundering, the Regulation on the Anti-Money Laundering and the Financing of Terrorism, and related communiqués are taken into account as the main regulation regarding the recognition of the customer. Within the scope of international regulations, the "Customer Due Diligence", which is mainly included in the 10th recommendation of the FATF Recommendations, includes the methods to be followed in the know-our-customer processes on the international platform.

The principle of know-your-customer reduces and controls the risk of money laundering, and also facilitates the detection of transactions related to illegal activities. The purpose of customer recognition is to ensure clarity in the customer's transactions and information, and to establish and maintain a relationship based on mutual trust.

The company handles the customer recognition process with a risk-based approach. The risk model determined by the company is also used in the monitoring and control of customer transactions. Within the scope of the customer recognition process, information regarding the recognition of the customer is obtained from the customers who will open an account with BİTAVİTA.

 

 

4. RECOGNITION OF CUSTOMER

The correct and complete fulfillment of the procedures for the recognition of the customer is of great importance in terms of correctly evaluating the customer within the framework of the Company's customer acceptance policy.

BİTAVİTA applies the following measures to know the customer within the framework of the current legislation.

4.1. Identification

Identification is the most important step of the customer recognition process. BİTAVİTA identifies customers and confirms the information within the scope of identification, in transactions that require identification, within the framework of the legislation determined by MASAK. BİTAVİTA maintains the log records of the confirmation of customer identity information in the company database for at least eight (8) years from the date of registration (See: 8. Retention and Presentation & Obligations to Provide Information and Documentation). In accordance with the legal regulations, a customer relationship cannot be established without fulfilling the obligations regarding identification. Identification of the customer is completed before a permanent business relationship is established between the customer and BİTAVİTA or before the customer realizes any transaction. After paying attention to the fact that the information and documents are true and complete, it is ensured that the necessary measures are taken to determine whether the action is taken on behalf of someone else. In the event that the customer refrains from giving the information, documents and declarations required in accordance with the legal regulations to which the Company is subject, including the anti-money laundering and financing of terrorism, and tax regulations, no business relationship is established with the customer.

The Company takes the necessary measures to ensure that an appropriate and sufficient identification can be made for those who benefit from its services using innovative technological tools.

Customer identification and confirmation procedures are operated once a year for all customers in the following cases, and information, documents and records of customers are controlled, completed and updated.

The customer requesting a transaction on the platform cannot perform the said transaction for the benefit of a third party. In cases that the Customer declares that he/she is acting on his/her own behalf/account; however, it is suspected to act for the benefit of a third party, BİTAVİTA takes all measures to determine the identity of the real beneficiary. Accounts will not be opened for persons who are determined to act on behalf or on account of a third party. If it is thought or detected that the he/she acts on behalf/account of the owner of a previously opened account, the relevant account is first frozen for precautionary purposes (transactions are blocked) and finally, in cases where the identities of those acting on behalf/account of the customer cannot be identified and confirmed, the relevant account is closed after the necessary investigations are made. In cases where the account is closed or frozen for the aforementioned reason, the subject is also evaluated in terms of suspicious transaction reporting obligation. When creating a user account, the user is obliged to declare his/her own identity and contact information only to act on his/her own behalf and account, and cannot create an account by declaring someone else's identity and contact information or for joint use. Otherwise, the customer accepts and declares that BİTAVİTA may close his/her account with a unilateral decision and terminate its continuous business relationship with him/her.

Except for the above-mentioned cases, if the customer clearly declares and requests in writing that he/she wants to act on behalf of someone else; although it is required 

the relevant accounts are closed and the continuous business relationship with the customers is terminated taking into account the difficulties that may be encountered in identifying the customers and those acting on behalf and account of the customers and confirming the accuracy of the information and documents, which are the basis for identification, considering the basic legal bases and justifications mentioned above.

4.2. Simplified Measures

In cases where the risk of money laundering and financing of terrorism can be considered low according to the type, nature of the transaction and the risk profile of the customer, it means the methods that allow to simplify the principles to be followed regarding the know-your-customer process principle, that is, not to need to implement all of the standard measures stipulated by the regulations, or to implement the determined methods more easily.

In this context, simplified measures are limited to the identification procedures, identification of those acting on behalf of someone else, recognition of the real beneficiary, monitoring of the customer's status and transactions. In the said obligations; it allows to obtain the information to be obtained from the customer by making use of publicly available sources, third parties with which the customer had a business relationship before and other sources, and to record the information obtained in writing or electronically.

For every situation where a simplified measure can be applied; it is necessary to evaluate whether there will be abuse in terms of money laundering or financing of terrorism, and therefore the risk of money laundering and financing of terrorism should be evaluated separately for each transaction. In this context, simplified measures cannot be applied to transactions that are considered risky.

In cases where money laundering or financing of terrorism is suspected, the simplified measure is not applied and the matter is reported to the MASAK Presidency as a suspicious transaction report.

The situation in which simplified measures can be applied for BİTA is explained below.

4.2.1. Transactions carried out exclusively in electronic environment

It is not obligatory to confirm the identity of the customer within the framework of the procedure in Article 6 of the Regulation on Measures, titled "Identification of Real Persons", and to take a signature sample provided that

BİTAVİTA's customers can benefit from the services offered by the company only by becoming a member of the platform accessed via www.bitavita.com and/or BİTAVİTA mobile applications, and our company carries out all of its commercial activities exclusively in electronic environment, without facing the customer. Persons whose identity information has been confirmed and accepted as customers can make all TL deposits and withdrawals from/to their accounts with BİTAVİTA only through a bank account compatible with their identity information. In this respect, BİTAVİTA may implement simplified measures for identification and monitoring of customer transactions, within the framework of the procedures permitted by MASAK legislation.

Before establishing a permanent business relationship, identity information is obtained from the customer in the membership application received in the electronic environment. Although it is not included in the general practice, when there is risk and doubt specific to the customer and the transaction, the customer can be visited at the his/her address for face-to-face verification. In case of need, BİTAVİTA can also obtain the said information by visiting the customer at his/her address and verifying face-to-face. This information is confirmed by documents or independent sources when necessary and possible.

Simplified Measures, which BİTAVİTA takes as a basis for identification and confirmation of real person customers with whom it establishes a permanent business relationship, are not valid for legal entity customers registered in the trade registry. Before establishing a permanent business relationship with legal entities registered in the trade registry, identification and customer recognition process is carried out and completed by obtaining the necessary information and documents, examining the documents and making the necessary research and finally confirming the information.

In transactions to be carried out by legal entities registered in the trade registry within the scope of a permanent business relationship; the identity of the 

is identified and confirmed.

In order to understand the purpose and nature of the business relationship of legal persons registered in the trade registry with BİTAVİTA, questions are asked to real persons authorized to represent the legal entity and the user agreement is drawn up in written form.

4.3. Advanced Memberships

For advanced membership, the following documents are obtained, reviewed and approved; in addition, verification is performed with the kodmatik application.

4.4. Confirmation of Credentials

Once the identities of all new and existing customers are determined, they are verified to a reasonable level as stipulated in the legislation.

In the customer's membership application received in the electronic environment; (i) name, surname, (ii) date of birth (iii) identity number and (iv) nationality are confirmed by inquiry using the database of the Ministry of Interior, General Directorate of Population and Citizenship Affairs. Only after this control, the establishment of a permanent business relationship with real persons is automatically approved.

4.5. Tightened Measures

With the term "Tightened Measures", the measures envisaged to be taken in addition to the standard measures based on identification and confirmation, and the situations in which these will occur are determined in our national legislation and the relevant recommendation of the FATF in the processes related to the recognition of the customer. BİTAVİTA has determined the prevention methods in this context with the risk assessment and rating approaches it has created based on these standards. The basic principles on which the implementation of the tightened measures are based are set out below.

4.6. Circumstances Requiring Repetition of Identification 

The identification process should be repeated in the following cases.

In these cases, the identification process should be repeated by following the tightened customer acceptance steps applied for risky customers.

4.7. Monitoring Customer Status and Transactions

As a result of monitoring and control activities, in cases where the transaction that the customer wants to perform is not fully clear, the customer refrains from making a statement on this matter or even if he/she makes an explanation, BİTAVİTA does not find it satisfactory/sufficient, the requested transaction may be refused, and additional measures are taken including closing the account if the transaction has taken place.

Customers' identification information, customer identification documents and related records are updated annually for high-risk customers, once every two years for standard-risk customers, and once every three years for low-risk customers.

5. MONITORING AND CONTROL

The purpose of Monitoring and Control activities is to protect against the risks of money laundering and financing of terrorism and to continuously monitor and control whether the activities are carried out in accordance with the Law and the regulations and communiqués issued pursuant to the Law, as well as the Entity's Policies and procedures.

During the active relationship with the customer, regular review, monitoring and control studies are performed to ensure that the transactions carried out in the account are consistent with the information held by BİTAVİTA regarding the customer.

Recognition of the customer is not a one-time process and it is necessary to keep the information about the customer up-to-date as long as the customer relationship continues. This can only be achieved by regularly reviewing the evaluations made within the scope of the know-your-customer principle and identifying and completing the deficiencies, if any. In order to increase the effectiveness in this regard, a risk-based approach is taken in the determination of the need for review, as in customer acceptance. BİTAVİTA may monitor certain customers more closely within the framework of the information obtained as a result of the risk analysis and the results it has reached.

Within the framework of the information obtained as a result of the risk analysis and the results achieved, certain customers can be monitored more closely and more stringent control processes are applied for these customers. The Company takes measures to ensure the provision of information and documents to be obtained from customers regarding account opening, within the framework of legal regulations, and establishes the necessary control mechanisms for this purpose. In the event that such a deficiency is detected/occurs later, it is obligatory to complete the said deficiencies in a timely manner and in a manner not contrary to the provisions specified in the legal regulations. On the other hand, if there is any doubt about the adequacy and accuracy of the customer's identity information regarding an existing customer, re-identification and confirmation is made. In cases where this cannot be done, the business relationship is terminated within the framework of legal regulations.

Within the scope of monitoring and control activities; the deficiencies identified as a result of the controls carried out to ensure compliance with the obligations introduced by the laws are reported to the relevant units via e-mail at least once a year in order to take the necessary measures, and the results are followed up through monthly meetings.

Necessary authorizations are made and appropriate measures are taken to ensure that the personnel carrying out monitoring and control activities have access to in-house information resources in order to fulfill their duties fully and accurately. BİTAVİTA's database, where customers and customer transactions are recorded and stored, is open to the use of Compliance Unit employees without restriction, and tools that will enable making inquiries by using different variables to constitute a source for investigations are allocated to these employees.

5.1. Suspicious Transaction Notifications

As a result of the findings obtained as a result of the Monitoring and Control activities and within the framework of the services provided by the Company, in cases that raise suspicions about money laundering and financing of terrorism, transactions decided to be suspicious by the Legal Representative as a result of the necessary examinations and investigations made by the Compliance Unit (suspicious transaction) is reported to the MASAK Presidency by the Legal Representative in accordance with the current legislation, regardless of the amount.

In other words, the Legal Representative ultimately decides whether a transaction is reported to the MASAK Presidency as a suspicious transaction or not, and the Legal Representative directly reports suspicious transactions to the MASAK Presidency.

The Company and its Legal Representative do not disclose to anyone, including the parties to the transaction, apart from the auditors assigned for liability inspection and the courts during the trial that suspicious transaction has been reported to the MASAK Presidency. Internal notifications made to the Company's Legal Representative are also within the scope of confidentiality. The necessary measures are taken by the CEO and Legal Representative to ensure that the personnel do not violate this obligation. These obligations continue even if company employees leave their positions.

6. ORGANIZATION, DUTIES AND RESPONSIBILITIES OF THE COMPLIANCE UNIT 

BİTAVİTA appoints a Legal Representative, reporting to the CEO and exclusively as the personnel of the organization, meeting the conditions required for the persons to be appointed as compliance officer, in Article 17 of the Regulation on the Program of Compliance with the Obligations Regarding the Money Laundering and the Financing of Terrorism. The Legal Representative is authorized by the Board of Directors to send suspicious transaction reports electronically or by mail, and to conduct all kinds of negotiations with MASAK on money laundering and financing of terrorism. Sales and marketing-related duties are not under the responsibility of the Legal Representative.

BİTAVİTA establishes a Compliance Unit consisting of employees who work directly under the Legal Representative and are responsible for the execution of all compliance processes. CEO ensures that sufficient personnel and resources are allocated to the Compliance Unit considering the factors such as the size of the business, transaction volume, number of active customers and personnel, or the highness of the risks that BİTAVİTA may face, in order to ensure that the Legal Representative can effectively fulfill his/her duties and responsibilities.

The execution of the Corporate Policy as a whole and the risk management, monitoring and control activities within the scope of the Corporate Policy are carried out by the Compliance Unit under the supervision, control and responsibility of the CEO.

The Legal Representative and his/her staff are responsible for constantly monitoring the legal regulations and standards regarding crypto assets and blockchain technologies, as well as announcements, guides, regulations, legislation and arrangements related to money laundering and financing of terrorism.

 

7. TRAINING

The main purpose of the training activities is to increase the knowledge level of the employees in order to comply with legal obligations and to adopt the awareness of responsibility in risk-based approach as a corporate culture.

In line with the Corporate Policy, the annual training program, which includes the functioning of the training activities, who will be responsible for the realization of training activities, the determination of the personnel and trainers to participate in the training activities, their training and training methods under is prepared with the participation of the relevant units the supervision of the Legal Representative. The effective implementation of the training program is overseen by the BİTAVİTA Legal Representative.

BİTAVİTA  training policy is established to include as a minimum the establishment of Corporate Policy and procedures, risk management and the execution of monitoring and control activities, and training subjects are determined within this scope.

BİTAVİTA determines the training needs of its employees, especially those who directly accept users or have a higher risk of encountering suspicious transactions, and ensures that their information is kept up-to-date by providing them with regular training, within the scope of the human resources and training policy adopted and as a part of the created corporate culture; on combating money laundering and financing of terrorism, risks and liabilities related to them, knowing the customer, establishing Corporate Policy and procedures, and conducting monitoring and control activities or on other basic issues regulated in BİTAVİTA's compliance risk policy independently of such training.

Periodic training of BITAVITA covers at least the following subjects.

Training programs in which the basic principles of national and international legislation are explained are supported by good practice examples. Trainings can be given in four different ways: in-class, distance education, conference or informative messages. Planning and coordination of training activities are carried out under the supervision of the Legal Representative.

8. RETENTION AND SUBMISSION & INFORMATION AND DOCUMENT PROVIDING OBLIGATIONS 

Maximum effort is made by the company and its employees to ensure that relations with domestic and foreign legal authorities are carried out in accordance with the relevant legislation. Flows and control points are established by the legal authorities to ensure that the necessary care is provided for the correct, complete and timely transmission of the information, documents and records requested for audit and control purposes. In this context, meeting the information/document requests from legal authorities is under the responsibility of the relevant units within the scope of the Corporate Policy, and the BİTAVİTA Legal Representative is informed about such requests. In this way, the CEO and the Board of Directors are informed about important matters through the BİTAVİTA Legal Representative. Any physical documents transmitted to BİTAVİTA by MASAK Presidency are immediately forwarded to the Compliance Unit without opening the mail envelopes and ensuring confidentiality. 

In any environment regarding the obligations and transactions introduced by the Law No. 5549 on the Anti-Money Laundering, documents are kept for at least eight (8) years from the date of issue, books and records from the date of last entry, and documents related to identification from the last transaction date. The starting date of the retention period of the documents related to the identification of the accounts with BİTAVİTA is considered as the date the account is closed. Rules regarding longer storage periods arising from other legislation are reserved.

The company and its employees provides any information, documents and relevant records in any media that may be requested by the MASAK Presidency and audit staff, all the information and passwords required to access or make these records readable, fully and accurately, and provides the necessary convenience. BİTAVİTA and its employees, to whom request is submitted, cannot refrain from providing information and documents by citing the provisions written in special laws, without prejudice to the provisions regarding the right of defense.

9. CONFIDENTIALITY OBLIGATION

BİTAVİTA employees cannot disclose the secrets they have learned about the persons, transactions and account status, business, entities, wealth or profession of the customers and the persons related to the customers or other matters that should be kept confidential, with the exception of persons and institutions expressly authorized by law, and they cannot  use them for the advantage of themselves or third parties.

It cannot be disclosed to anyone, including parties to the transaction, other than the supervisors who carry out liability audits and the courts during the trial, that a suspicious transaction has been reported.

These obligations continue even if Company employees leave their positions.