Established by the decision of the Management Board of FINAURA OÜ (registry code 14696643)
(hereinafter referred to as the “Company”) on 30.06.2020.
Registration Code: 14696643
Registered address: Roosikrantsi 2-768K, 10119 Tallinn, Estonia Company Main
Business Activities: providers of a virtual currency service
General provisions 3 Definitions 3 Description of the activities of the Provider of service 4 Compliance Officer
4 Application of due diligence measures 5 Normal due diligence measures 6 Identification of Clients 6
Establishing the purpose and actual substance of a Transaction 12 Simplified due diligence measures 12
Enhanced due diligence measures 13 Risk assessment 13 Registration and storage of data 19 Reporting,
including of suspicious Transactions 20 Implementation of International Sanctions 21 Training 22 Internal
audit and amendment of the Rules 22 Form 1 virtual currency [wallet/exchange] service 24 Exhibit 1 27
Exhibit 2 28
1. Introduction
1.1. This Risk Appetite Statement (RAS) is essential to the risk management framework. 1.2. The objective of
the Ras is to help us make decisions about risk. It provides guidance in terms of: 1.2.1. The amount of risk that
the Company Is willing to pursue, retain, accept or tolerate to achieve our strategic and operational
1.2.2. Embedding risk management as part of our decision making.
1.2.3. Ensuring that an appropriate level of risk taking is being applied in our daily work. 1.2.4. The
purpose of the risk assessment provided in the Money Laundering and Terrorist Financing Prevention
Act (“hereinafter, “the Act””) is to define the possible risks and measures in the economic activities of
the Company and how to mitigate these risks.
2. Definitions
2.1. Client means a person or legal entity that wishes to conduct a business relationship with the Company.
2.2. Risk appetite refers to the amount and type of risk that our Company is comfortable to accept to achieve
our objectives. It balances the benefits of change or innovation with the threats that the change may
bring. It sets the boundaries for the risks we can tolerate in our activities and helps us find the balance
between risk taking and risk avoidance.
2.3. Virtual Currency means a value represented in the digital form, which is digitally transferable, reservable
or tradable and which natural persons or legal persons accept as a payment instrument, but that is not
the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU).
2.4. Virtual Currency Exchange Services rmeans a service with the help of which a person exchanges a virtual
currency against a fiat currency or a fiat currency against a virtual currency or a virtual currency against
another virtual currency.
2.5. Virtual Currency Wallet Services - means a service in the framework of which keys are generated for clients
or clients’ encrypted keys are kept, which can be used for the purpose of keeping, storing and
transferring virtual currencies.
2.6. High-Risk Third Country means a country specified in a delegated act adopted on the basis of Article 9(2)
of Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use
of the financial system for the purposes of money laundering or terrorist financing, amending
Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive
2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.
2.7. Money Laundering means the conversion or transfer of property derived from criminal activity or property
obtained instead of such property, knowing that such property is derived from criminal activity or from
an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the
property or of assisting any person who is involved in the commission of such an activity to evade the
legal consequences of that person’s actions; the acquisition, possession or use of property derived from
criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such
property was derived from criminal activity or from an act of participation therein; and the concealment
or disguise of the true nature, source, location, disposition, movement, rights with respect to, or
ownership of, property derived from criminal activity or property obtained instead of such property,
knowing that such property is derived from criminal activity or from an act of participation in such an
3. Core Principles
3.1. Overall, the Company has a balanced approach to risk. Our risk appetite is based on our core values and
aligned to our strategic objectives. It is important to remember that risk management is not purely
about avoidance of risk. Our vision and strategic objectives require that we manage risk based on value.
3.2. We accept that risk is commensurate with potential reward such as growth, transformation and
3.3. The key aspects of achieving balance are:
3.3.1. Ensuring ethical and effective governance practices, including responsible management of
3.3.2. Capitalizing on opportunities that promote growth, transformation and innovation, while
avoiding unnecessary negative impacts.
3.3.3. Preventing a culture that is risk averse and stifles growth, transformation and innovation. 3.3.4.
Fostering a culture that supports value-based assessment and management of risks. 3.4. The following core
principles provide context for decision-makers in applying the RAS: 3.4.1. The RAS is not an exhaustive list that
addresses every situation but provides general guidelines. 3.4.2. Everyone is empowered to interpret the RAS
to make pragmatic, risk-based decisions in the best interest of the Company and its shareholders.
3.4.3. The RAS is a forward-looking expression of risk appetite. It reflects our tolerance for accepting new
or developing risks (in addition to current risks) in achieving the Company's strategic objectives.
3.4.4. Our risk appetite and risk tolerance are dynamic and will change over time in response to
different drivers.
3.4.5. All decisions align with the Company's Strategy and Mission, Vision and Values.
4. Key Risk Appetite Concepts
4.1. Our risk appetite is a reflection of the Company's risk profile and capacity to take risks.
4.2. We use the following concepts in defining appetite:
4.2.1. Risk profile this is our overall position on risk. It considers the type and amount of risk the
Company is exposed to across all risk categories.
4.2.2. Risk capacity —the maximum level or ‘ability' of the Company to accept risk in each risk
4.2.3. Risk appetite the amount and type of risk the Company is comfortable to accept to achieve its
4.2.4. Risk tolerance (upper and lower limits) the level (generally quantitative) of risk which, if reached,
would require an immediate escalation and corrective action. A breach of tolerance is a breach
of risk appetite The RAS sets boundaries for the Company to identify and control our risk
capacity, risk profile, and risk appetite when evaluating and pursuing our strategic objectives.
5. Statements of
Risk Appetite
5.1. Risk appetite
statements are aligned to categories of risk.
5.2. The table attached hereto under Annex 1, summarizes the Company’s risk appetite within each of our risk
5.3. We recognize that our appetite for risk varies according to the activity undertaken. Our acceptance of risk
is always subject to ensuring that the potential benefits and risks are fully understood before activities
are authorized, and that sensible measures to mitigate risk are established where required.
6. Risk Appetite Ratings
6.1. The table below lists our Risk Appetite Ratings.
Risk Appetite
Description of Criteria Risk Response
Zero Appetite Low Appetite
The Company is not willing to
accept risks, threats, opportunities
under any circumstances. All
reasonably practicable measures
to eliminate the risk must be
Safe approaches should be taken,
but the cost of controls /
mitigation should be carefully
evaluated to ensure they achieve a
reasonable outcome. A strong
preference for strategies and plans
that present minimal risk.
Unacceptable / No tolerance
Moderate Appetite
Can accept a degree of
uncertainty to achieve an
intended outcome providing that
effective measures are in place to
monitor the risk and limit adverse
Tolerable / Conservative
High Appetite
Comfortable for risks to be taken even if there is a high degree of
uncertainty to gain
highly valued reward/s.
7. Risk Assessment
7.1. For the purpose of identification, assessment and analysis of risks of money laundering and
terrorist financing related to their activities, the Company prepares a risk assessment, taking