Last updated: 2023/03/20

Version: 4.0



Bloom Finance Ltd. (hereinafter – Company) was incorporated with the Companies House of the United Kingdom on September 2, 2020 under the Company number 12853058. Company is an authorised Electronic Money Institution (EMI) agent regulated by the FCA under registration number 902912.

This document sets out the principles and standards for compliance and management of risks associated with financial crime in the Company. The purpose of this document is to prevent the Company from being used for financial crime to comply with all applicable legal requirements and to ensure that the most appropriate action is taken by the Company to mitigate the risks associated with financial crime.

This document outlines the applicable legal requirements related to financial crime to which the Company must adhere, as well as internal measures which are established by the Company to ensure it complies with these legal requirements. This document is referred to as the AML and CFT and Sanctions Policy and sets the parameters for the Company in relation to the AML, CFT and sanctions framework.

The Policy applies to all Company employees, all units in the Company, senior management, foreign correspondents, contractors and third parties with whom the Company may contract with.

The aim of the Company is not only to comply with relevant legal requirements, but also to mitigate and reduce the potential risk to the Company of its customers using Company’s products, services and delivery channels to launder the proceeds of illegal activity, fund terrorist activity or conduct prohibited financial sanctions activity.

This AML Policy is elaborated in accordance with:

–    FAFT (Financial Action Task Force) recommendations on AML and CFT

–    Terrorism Act 2000

–    Anti-terrorism, Crime and Security Act 2001

–    Proceeds of Crime Act 2002

–    Serious Organised Crime and Police Act 2005

–    Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

–    Money Laundering and Terrorist Financing Regulations 2019

–    Sanctions and Anti-Money Laundering Act 2018

–    JMLSG (Joint Money Laundering Steering Group) Guidance

The Company’s Management Board is liable for implementation of this AML Policy, allocation of sufficient financial resources, attraction of qualified employees, organization and supervision of controls.

The Policy must be updated at least once a year, or more frequently based on international requirements and legislative changes.

The procedures contained within this Policy relate to all Customers of the Company.

The Company’s Management Board designates one of its members who is directly responsible for monitoring AML / CFT legislation and the implementation of AML Policy.

The purpose of preventive measures taken by the Company is:

  • to analyse requirements of the Company’s internal regulations and the actual performance thereof in order to identify imperfections in the existing system or performance (employees);
  • to improve internal regulations, training of responsible employees.

In addition to Management Board and the MLRO, the employees of the Company are also responsible for implementing respective aspects of this policy.



The Company takes steps to identify and assess the risks of ML and FT to which its business is subject.

In carrying out the risk assessment required, the Company must take into account risk factors relating to:

  • its customers;
  • the countries or geographic areas in which it operates;
  • its products or services;
  • its transactions; and
  • its delivery channels.


For every Customer of the Company during onboarding or ongoing cooperation process, based on the previously mentioned points are assigned one of the risk categories: Low, Medium, High, Prohibited.



The Company shall refrain from establishing any business relations with Customers engaged in any of the following commercial activities:


  • Trade in monetary objects (banknotes) and stamps
  • Provision of money services (e.g., cash desks, currency exchange offices, money transfer agents or other service providers offering money transfer opportunities)
  • Financial services related to loan restructuring, debt recovery, loan amendments, etc.
  • Investment services and incidental investment services
  • Reinsurance and insurance services
  • Provision of cash-in-transit services
  • Crypto currency production (mining)
  • Ponzi schemes; Financial pyramid
  • Drugs and drug paraphernalia, narcotic or narcotic-like substances
  • Operation of drug stores and pharmacies, trade in medications, patented drugs and pharmaceutical products
  • Trade in tobacco products
  • Trade in weapons and munitions
  • Trade in jewelry, precious metals and precious gems
  • Trade in antique items and art objects
  • Illegal / pirated audio or video records
  • Hosting, file copying, unlicensed IPTV
  • Counterfeit (forged) goods
  • Goods and services of sexual nature, Adult
  • Intermediation in real property transactions
  • Unofficial charity, political or religious organisations, ICO and Crowdfunding
  • Binary Options
  • Multi-level marketing (MLM)
  • Enter into/maintain business relationships with individuals or entities known or suspected to be a terrorist or a criminal organisation or member of such or listed on sanction lists
  • Maintain anonymous accounts, accounts for shell banks or pay-through accounts


The Company defines a list of jurisdictions with which it does not cooperate, as well as a list of high-risk countries based on FATF high-risk and other monitored jurisdictions, The Basel AML Index, European Commission list of high-risk third countries, EU and U.S. sanctions programs etc.


Non-cooperative countries: Afghanistan, Burundi, Central African Republic, Congo D.R., Crimea and Sevastopol, Eritrea, Ethiopia, Gaza Strip, Guinea, Guinea Bissau, Iran, Iraq, Lebanon, Libya, Macao, North Korea, Somalia, Sudan, Tunisia, Venezuela, Yemen, Zimbabwe, Albania, Barbados, Burkina Faso, Cambodia, Cayman Islands, Haiti, Jamaica, Jordan, Mali, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Philippines, Senegal, South Sudan, Syria, Uganda, West Bank (Palestinian Territory), Belarus, Russian Federation.


High-risk countries: Armenia, Azerbaijan, Bosnia and Herzegovina, China, Croatia, Cuba, United Arab Emirates, Turkey.



The MLRO is the person within an organization responsible for overseeing all AML-related activities.

The Company has an appointed MLRO who reports to the Management Board. The MLRO is responsible for ensuring that the Company meets AML / CFT requirements set by the FCA with the support of the Management Board MLRO oversees the AML systems and controls.

In the absence of the MLRO, Supporting MLRO will take his / her place.

MLRO ‘s activities include:

  • to organize, direct and control the Compliance and Legal department;
  • to ensure that ML and FT law requirements are followed by the Company;
  • to develop and improve the Company’s AML internal control system and to coordinate its implementation, to develop an appropriate documentation of risk management policies and risk profile regarding ML and FT;
  • to perform regular assessments of the Company’s systems and controls in order to ensure that the ML risk is managed effectively;
  • to liaise with the FCA and to provide information upon request as well as to notify the FCA where any relevant change occurs in the Company;
  • to ensure that the Company collects information about unusual and suspicious transactions;
  • to work with internal reports, including decisions to make reports to the NCA;
  • to file external reports to the NCA subject to internal assessment;
  • to make operational decisions in order to prevent executing the Customer’s transaction, if the transaction is associated with or there is a legitimate reason to suspect that it is associated with ML;
  • to establish the basis on which a risk-based approach to the prevention of ML / FT is put into practice;
  • to organize staff training in relation to prevention of ML, as well as to provide consultative assistance to the Company staff;
  • to oversee compliance with the FCA’s rules on systems and controls regarding ML;
  • to inform the Management Board about internal control’s risk system and chargeback / fraud statistics on Customers;
  • to ensure that all business records are kept for at least five years from the date of the customer’s last transaction in accordance with FCA regulations.

Rights of the MLRO

When fulfilling his duties and responsibilities, the MLRO has the right:

  • to receive necessary information on time in order to perform his responsibilities / duties;
  • to represent the Company in matters related to AML;
  • to give obligatory instructions to the Company staff on all matters related to the AML.

Responsibility of the MLRO

When fulfilling his duties and responsibilities, the MLRO is also responsible for:

  • implementation of his duties in timely manner;
  • drafting policies and procedures regarding the ML;
  • establishing and maintaining the effective AML systems and controls.

MLRO reports to Management Board

The MLRO reports to Management Board include:

  • quarterly reports – reports on current AML situation, processes and issues, if there are any;
  • annual reports – once a year, the MLRO writes a report which assesses the operation and effectiveness of the Company’s internal control system in relation to managing ML risk. After reviewing the report, the Management Board considers and addresses any areas identified for improvement.

Other conditions

Before introducing new products / services in the Company’s line of products, they should be approved by the MLRO.

The Board ensures that the MLRO has adequate resources, including appropriate personnel and technology.

To carry out the duties of the MLRO, the MLRO has the right to request and/or use the assistance of another member of the staff. The Company’s personnel must fully support the MLRO in carrying out its tasks.

The Company will ensure that there is a suitable individual who is able to take on the duties of the MLRO for a temporary period (e.g. when the MLRO is on holiday). This will be the Company’s CEO. Where AML tasks are delegated, the appointed MLRO will bear ultimate responsibility for all AML activity.



Company holds all the records of business transactions for at least five years from the date that the business relationship ends.

All the information / documentation obtained during the Customer’s monitoring, as well as certified copies of the identification documentation, Beneficial owner’s certifications, the Customer’s Questionnaire, other documentation, which were obtained during the initial due diligence, are kept in the Customer’s file.

Records to be kept:

  • A copy of, or the references to, the evidence of the customer’s identity obtained under the CDD requirements as per the regulations;
  • The supporting records in respect of the business relationships or occasional transactions that are the subject of CDD measures or on-going monitoring;
  • Record of when the first customer identification and verification took place, and how;
  • Documents justifying exemption from identification (if applicable).

     In relation to the evidence of a customer’s identity, businesses must keep the following records:

  • A copy of the identification documents accepted, and verification evidence obtained, or
  • References to the evidence of customer’s identity.

The records of transactions and business relationships (e.g. account files, relevant business correspondence, daily logs, receipts, cheques, etc.) that are kept should be sufficient to form a complete audit trail that (at the request of the relevant authorities) could be trace from the beginning of a transaction to its completion.

Records should be kept as:

  • A copy of the evidence of identification presented (the photographic evidence is especially valuable).
  • Details of where the copies of identification can be found, which should be filed and easily recoverable. These records should be kept for at least five years from the date the relationship with the customer ends.
  • Regardless of whether a customer is verified or not, the company keeps the information provided for 5 years.
  • All records of disclosures. Any correspondence with law enforcement agencies must be kept for at least five years.

The Company’s record keeping procedure is as follows:

  • Customer information

The Company must keep information recorded electronically and stored in the Customer’s folder, maintained by the Company server. Hardcopies of relevant documentation are kept by the MLRO in the Company’s office.

  • Transactions

The Company is obliged to keep information about all transactions in the course of a business relationship. All transaction records are kept in the transaction database.

  • Internal and external suspicion reports, MLRO annual (and other) reports

The Company must keep MLRO related information (records of actions taken under the internal and external reporting requirements; a record of the information or documentation, when the MLRO has considered any information or other documentation concerning possible ML, but has not made a report to NCA; copies of any SARs submitted to NCA and reports by the MLRO to Management Board) both electronically in a dedicated MLRO reports folder on the Company server, as well as in hardcopy format.

  • Training (the effectiveness of training, as well)

The Company must keep the information on prevention of ML training related information electronically in a dedicated prevention of ML training folder on the Company server, including:

  • dates prevention of ML training was given;
  • the nature of the training;
  • information (name, surname) about employees who have been trained;
  • employee test results

The Company retain any information that must be kept in accordance with this AML Policy:

  • in the form of original documents;
  • in the form of photocopies of original documents;
  • in scanned form;
  • in electronic form.

Records relating to on-going investigations are to be retained at the Company until the relevant law enforcement agency has confirmed that the case has been closed.

If the Company is not notified of the ongoing investigation within five years of disclosure, the records must be destroyed.

The Company also conducts onboarding and ongoing processes in accordance with all requirements and standards, reporting about possible suspicious activities and transactions to the competent authorities.