January 2025
For the Republic of Kazakhstan RIA Payment System Rules
Acting as a Payment System Operator
Dandelion Payments, Inc. dba RIA Money Transfer
CONTENTS
1. INTRODUCTION AND CHARACTERISTICS OF THE PAYMENT SYSTEM
2. PAYMENT SYSTEM OPERATION PROCEDURES
2.1 Procedure for making transfers
2.2 Nature of Services Provided by RIA and Work Schedule
2.3 General requirements for conducting operations
2.4 Procedure for interaction between RIA and Participants. Procedure for using information on payment orders
2.5 RIA requirements for payment services
2.6 RIA requirements for money transfer services
2.7 Cancellation/refund of RIA payment order
2.8 RIA customer service
3 PROCEDURE FOR JOINING/TERMINATING PARTICIPATION IN THE RIA INTERNATIONAL NETWORK
3.1 Analysis of the participant's creditworthiness
3.2 Client identification procedure (in accordance with the "know your client" rule) and its assessment
3.3 Clearing banks and settlement procedures
3.4 Additional Participant Obligations and Regulatory Compliance
4 COMPLIANCE WITH HONOUR REQUIREMENTS, SAFETY MEASURES AND RISK MANAGEMENT
4.1 Personnel qualifications and safety risks
4.2 Risks associated with the use of hardware and software
4.3 Risk associated with legal issues
4.4 Regulatory compliance risk
4.5 Risks associated with the use of the operating system and software
4.6 Information security
5 CONDITIONS OF PARTICIPATION IN THE PAYMENT SYSTEM
5.1 Procedures for resolving insolvency and reviewing violations by payment system participants
1. INTRODUCTION AND CHARACTERISTICS OF THE PAYMENT SYSTEM
Dandelion Payments, Inc. dba RIA Money Transfer (“ RIA ”) is part of the RIA Money Transfer division of Euronet Worldwide, Inc. (“ Euronet ”). Euronet provides secure electronic payment solutions for financial institutions, retailers, service providers – service providers, and individual consumers, both domestically and internationally. RIA is one of the leading international money transfer operators (“ IROs ”), providing services related to both sending and receiving money transfers to our customers worldwide. RIA has an extensive network of its own money transfer offices located in North America, Europe, Asia and Australia.
RIA Payment System means a money transfer system operated by RIA, which is considered a Payment System Operator in accordance with the Law of the Republic of Kazakhstan dated July 26, 2016 No. 11-VI “On Payments and Payment Systems” ( the “Law on Payment Systems” ), as amended and supplemented. These Rules and any amendments made to them from time to time (“ Rules ”), as well as the terms used in this regard, are intended solely to comply with the requirements of Article 5 of the Law on Payment Systems in Kazakhstan and will be published on the website designated by RIA for Kazakhstan with the relevant notification to the National Bank of Kazakhstan (“ RIA Website for Kazakhstan ”). These Rules and other documents issued by RIA to Participants (“ Participants ”) who have all the necessary licenses and permits to carry out money transfers in the Republic of Kazakhstan in accordance with the Money Transfer Agreement concluded with RIA shall be considered as the RIA Payment System in relation to the Republic of Kazakhstan. Unless RIA otherwise provides, RIA may amend these Terms at any time without prior notice to any party, and these Terms and any subsequent amendments shall be effective upon their posting on the RIA Site for Kazakhstan. These Terms are not enforceable by any third party against RIA, RIA does not assume any obligations to any party as a result of the provision of these Terms, and nothing contained in these Terms shall be construed as conferring any right or privilege on any party.
The commission fee charged for providing services to clients in connection with the execution of money transfers sent within the Republic of Kazakhstan (“ Commission ”) and any changes to this Commission will be published on the RIA website for Kazakhstan. Participants may only use the Commission published on the RIA website for Kazakhstan .
2. PAYMENT SYSTEM OPERATION PROCEDURES
2.1 Procedure for making transfers
All Participants of the RIA Money Transfer System sign a money transfer agreement with RIA. Such agreements provide for the rules governing the procedures between the Participants, and also oblige the Participants to comply with the requirements of the RIA Payment System on the basis of the Law on Payment Systems.
The Participants, being independent legal entities possessing all necessary licenses and permits to carry out money transfers in the Republic of Kazakhstan, will cooperate with RIA on a non-exclusive basis to provide money transfer services to clients in the Republic of Kazakhstan.
RIA processes payment orders within its international network, implements measures to prevent and combat money laundering (the “ Anti-Money Laundering Act” ), and performs other activities related to compliance with legal requirements, as well as uses software that will contribute to the proper execution of money transfers. RIA operates in accordance with the rules and regulations of the sending countries, including the laws of the United States, and the rules established by regulatory authorities within the scope of their respective jurisdictions.
In the countries where RIA operates through its International Network, it receives payment orders from RIA clients through 1) its correspondent bank or agent network in those countries and 2) its offices in certain countries and 3) online digital channels (“ International Network ”). Correspondent banks and agents in each country operate using proprietary software.
In relation to payment instructions received by the Participant from the RIA for the purpose of making a payment in favour of a recipient in the Republic of Kazakhstan (“ Money Payment Services” ), the Participants shall act in accordance with the payment instructions received and shall transfer funds to recipients in the Republic of Kazakhstan in the agreed currency and amount specified in the payment instructions. Funds shall be transferred to the recipient in accordance with the requirements of local law and RIA procedures, subject to the RIA performing consistent and reliable identification, including verification of the identity of any personal identification number (PIN). If the payment of funds cannot be made for any reason within the framework of the RIA procedures, the Participant shall promptly notify the RIA of the relevant reasons. The Participant shall provide the RIA with confirmation of payment and shall also maintain records in accordance with applicable law and RIA procedures.
In order to initiate money transfer transactions (“ Money Transfer Services ”), Participants shall act in accordance with applicable laws and RIA procedures, including compliance with all customer identification procedures, appropriate fraud and anti-money laundering due diligence, and other regulatory checks necessary to initiate transactions, disclose information, and obtain consent from the client in the Republic of Kazakhstan, in order to receive funds and Commissions for money transfers from the Participant’s client in the Republic of Kazakhstan. Participants shall use the RIA payment system to initiate and submit to RIA instructions for payment orders for payment to recipients in the RIA International Network in accordance with applicable laws and RIA procedures.
2.2 Nature of Services Provided by RIA and Work Schedule
RIA provides money transfer services to its clients through its International network, with over 595,000 branches and in over 198 countries and territories worldwide. RIA provides money transfer services through its Participants in the Republic of Kazakhstan to initiate money transfer services for recipients in the International RIA network. In addition, RIA provides Cash Pick Up and Account Deposit services for recipients in the Republic of Kazakhstan through its Participants in the Republic of Kazakhstan.
There are 2 payment methods in the Republic of Kazakhstan.
- Cash payment
- Account entry
2.2.1 Cash Payment means a Money Payment Service that pays cash to a Participant at their actual location in accordance with the Payment Order Instructions, applicable law and RIA procedures, including, among others, verifying such transaction using a PIN code and ensuring correct identification of the recipient.
2.2.2 Depositing funds to an account means the execution of Money Payment Services that directly deposit funds into the recipient's bank account in accordance with the Participant's payment order instructions, applicable law, and RIA procedures.
Participants in the Republic of Kazakhstan use their own banking network to deposit funds into the recipients' bank accounts. If the account name and number do not match, the funds will not be deposited into the account and the payment order will be canceled by RIA. Participants may contact the recipients to verify the accuracy of the bank information and to inform them of the timely deposit of funds.
Participants may offer to deposit funds to accounts in the Republic of Kazakhstan via Remote Channels, in cases permitted by applicable law .
Providing money transfers via remote channels is the ability of the client to connect to the Participant’s remotely accessible servers by logging into the Participant’s network from remote locations (devices) using the bank’s debit/credit card. To use the Remote Channel, the client must register with the Participant and open a bank account with the Participant before the start of the money transfer operation. Remote Channels are used to provide Money Payment Services and Money Transfer Services and are limited to duly registered clients of the Participant who have undergone a comprehensive financial and legal due diligence in accordance with applicable law before the start of money transfer operations, while monitoring the client and the operation .
The Participant must set up filters and restrictions in accordance with applicable law. The Client has the ability to withdraw/send money to/from his/her account only within the Republic of Kazakhstan. The Participant is obliged to ensure that he/she has the appropriate authority to conduct operations using Remote Channels in accordance with applicable laws and regulations within the relevant jurisdiction.
Remote Channels may consist of the following options:
- bank payment terminal
- ATMs
- internet banking system or mobile banking service
- bank call center (if applicable)
- mobile payments
2.2.3 Payment System Operating Hours. Participants shall provide Money Transfer Services and Money Transfer Services during normal business hours at all locations where these services are provided. RIA employs a team of dedicated customer service representatives in certain countries, as well as specialized compliance and market research personnel to support Participants. Dedicated customer service representatives, whom Participants may call to make inquiries, file complaints, and resolve problems, are available to RIA 24 hours a day, 7 days a week, 365 days a year.
2.3 General requirements for conducting operations
The participant must fulfill all of the obligations listed below:
- All operations related to sending, paying or changing money transfer orders are performed in the presence of the client.
- Clients and recipients are required to read and sign all receipts that disclose information in accordance with the requirements of applicable law.
- Except for the Commission and any other fees agreed in writing between the RIA and the Participant, the Participant is not permitted to charge the client additional fees for the transaction.
- The Participant treats all information about transactions, clients and recipients as confidential information that should not be disclosed to third parties, except in cases provided for by the agreement between RIA and the Participant and in accordance with the requirements of applicable law.
- Personal information of clients and recipients will be used and disclosed in strict accordance with applicable law and the agreement between RIA and the Participant.
- Each user of the Participant performing the transaction must use their own login and password to access the RIA Payment System to process transactions.
2.4 Procedure for interaction between RIA and Participants. Procedure for using information on payment orders
- Initiate a money transfer transaction
o Money transfer orders are entered into the online system of the RIA International Network by Participants or correspondent banks and agents.
o After the task is entered into the system, a receipt with a personal PIN code is printed, which the Participant gives to the sender to be given to the recipient for the purpose of receiving money.
- Payment of the money transfer transaction to the recipient
o The participating or correspondent bank/agent in the RIA International Network requests appropriate identity documents from the recipient, verifies the NRI (and other data) and makes copies of identity documents in accordance with applicable legislation.
o If the information is not confirmed or incorrect data is provided, the payment will not be made. The transaction will not take place, and the amount of the payment order and the commission fee charged from the sender will be returned to the sender in the amount provided for by applicable law.
o In case of payment of funds, the system can generate two copies of the receipt, one for the recipient and the other for the Participant or correspondent bank/agent. The recipient signs both copies and the operator pays the funds to the recipient.
o The System typically receives all payment confirmations from sending Participants or correspondent banks/agents in real time and allows Participants or correspondent banks/agents and RIA to view the current status of received and sent orders.
- Participants are required to train their employees on RIA procedures and applicable laws, including anti-money laundering programs, recordkeeping requirements, information security, and consumer protection and data privacy laws. Any changes to the above procedures will be posted on the RIA website for Kazakhstan within the timeframe provided for by applicable law and will be additionally notified to all Participants in the Republic of Kazakhstan.
2.5 RIA requirements for payment services
Upon receipt of payment instructions from the RIA or the Participant, the other party is obliged to perform the following actions:
- Payment of funds according to the instructions on the payment order.
- Verification of each payment request by comparing the personal identification number ("PIN") provided by the recipient with the PIN provided by the party making the payment order. Payment of funds to the specified recipient is made only after verification of the recipient's personal data in accordance with applicable law.
- Participants are not allowed to charge any additional commission from the recipient when paying for the transfer.
- Payment of the transfer can only be made if the client provides the correct PIN code and if the recipient's personal data is confirmed in accordance with applicable legislation.
- There may be a slight discrepancy between the transaction data in the money transfer order and the client's TIN specified in the identity card. For example, the surnames are the same Maria and Marya. In such cases, the Participant is obliged to confirm that the transaction can be paid in accordance with its compliance procedures and applicable legislation. The Participant can also contact the RIA call center and request a change in the recipient's name, while RIA will make reasonable efforts to change the payment order as much as possible.
- Payment for all money transfer operations is made in the currency indicated in the money transfer order and receipts issued in accordance with applicable law, accompanied by copies of the receipts provided for RIA in accordance with RIA procedures.
2.6 RIA requirements for money transfer services
- Sending money transfer orders is carried out only after the client pays the Participant the full amount, including the transfer amount and the Commission for the order, and also provides the following information.
- Transfer amount
- Payment currency
- Commission currency
- Full name of the sender
- Shipper's document data
- Recipient's TAA
- The sender must indicate the currency in which payment for the order will be made, in accordance with the currency available for the specific destination country.
- The cost of the transaction will be reflected in the Commission published on the RIA website for Kazakhstan and in the system available to the Participant at the time of initiating the transaction. The Participant is obliged to perform the money transfer transaction in accordance with the system requirements published on the RIA website for Kazakhstan, the Rules (taking into account possible changes and additions), the agreement between the Participant and RIA, as well as in other cases in accordance with the RIA procedures.
2.7 Cancellation/refund of RIA payment order
- If the client wishes to cancel the order, he/she must contact the branch of the Participant from which the client issued the money transfer order. After requesting such cancellation, and if the payment has not yet been made to the beneficiary (in cash or to the account), RIA will refund the amount, commission for the order and fees in accordance with applicable law, provided that the client (i) provides a copy of the valid order and (ii) presents a valid identity document. If the funds have been paid to the beneficiary, the money transfer operation cannot be canceled or the amounts on it cannot be refunded.
- If payment for a money transfer operation is not made in favor of the recipient within 21 days, RIA will automatically cancel the operation and notify the sender about this through the Participant in Kazakhstan or the correspondent bank/agent in the RIA International Network.
2.8 RIA customer service
The Participant is obliged to contact RIA in all cases where circumstances arise that may delay payment or cause complaints from customers, in particular:
- Change of recipient's TAA
- Display incorrect or incomplete recipient phone number
- Indicate an incorrect or incomplete recipient address.
If the status of the operation indicates a payment made, blocked, or canceled, changes cannot be made to the operation. It is not possible to change the destination country or the amount of the payment order. If there is an error in indicating the destination country or amount in a sent payment order, this operation must be canceled and a new one must be made. The commission provided in accordance with applicable law must be returned to the client. Changes to the operation regarding the sending of the order can be made in two ways: by the Participant's Bank employees in the System at the branch where the order was issued, or by contacting the RIA customer service department.
3. PROCEDURE FOR JOINING/TERMINATING PARTICIPATION IN THE RIA INTERNATIONAL NETWORK
RIA effectively assesses and manages risks related to money laundering, terrorist financing, customer (consumer) fraud, and compliance with consumer protection laws. Compliance risk assessments identify risks related to the regulatory framework, the products and services offered, the geographic location of operations, and the delivery channels used to deliver products and services to the customer.
The purpose of risk assessment is to identify the typical risks in each area described in general terms above, develop policies and procedures to mitigate such risks, and effectively assess and manage residual risks.
Before formalizing business relations with Participants, RIA conducts a comprehensive financial and legal due diligence on each Participant:
- Analysis of the participant's creditworthiness
- client identification procedure (in accordance with the "know your client" rule) and its assessment.
3.1 Analysis of the participant's creditworthiness
RIA conducts a Participant Creditworthiness Analysis (“Participant Creditworthiness Analysis”) for each company that applies for Participant status, analyzing RIA’s overall credit risk with respect to the Participant, as well as the Participant’s relative creditworthiness and relevant jurisdiction. In order to complete this analysis and assessment of the Participant, Participants are required to provide certain documentation and information upon request by RIA. This procedure describes how RIA assesses and manages the credit and liquidity risks associated with Participants in order to reduce the potential risk of bankruptcy in the payment system.
· Credit and liquidity risk management:
RIA conducts a thorough review of each Participant's financial stability, creditworthiness, and operating history to identify potential risks. This includes an analysis of their financial statements, profits, credit commitments, and economic stability in the jurisdiction in which they operate.
· Credit obligations and risk mitigation:
RIA assesses credit obligations based on the participant's transaction volume, payment methods, and required collateral deposits. High-risk situations are subject to additional credit risk management measures.
· Constant monitoring and liquidity management:
RIA's treasury department monitors cash flows and liquidity needs on a daily basis to ensure funds are available to support the operating cycle and to respond promptly to potential cash shortages.
· Risk assessment:
Participants are given a risk rating based on their financial condition and operational factors, which helps them make decisions on contract terms and risk mitigation measures.
· Risk reduction and measures in case of emergencies:
For high-risk participants, RIAs may implement additional safeguards, such as payment confirmations, financial guarantees, or operational restrictions, to mitigate risks.
This procedure ensures the stability and security of the payment system, while maintaining strict control over the financial and liquidity risks associated with RIA Participants.
3.2 Client identification procedure (in accordance with the "know your client" rule) and its assessment
RIA has established a client due diligence procedure to ensure that all its agents have a good reputation and sound financial standing. For this purpose, Participants are required to comply with the client due diligence procedure before entering into contractual relationships. The client due diligence procedure is designed to verify the ultimate beneficiaries (beneficial owners) of Participants, as well as to verify the information provided by Participants. The Participant is obliged to provide RIA with certain documentation and information to conduct a comprehensive financial and legal due diligence, including the “Know Your Client” client due diligence procedure in accordance with RIA’s policies and procedures for combating money laundering and terrorist financing.
An expanded comprehensive financial and legal due diligence is conducted for specific Participants using a risk assessment-based approach.
The Compliance Department approves each Participant prior to initiating money transfers under an agreement with the RIA in accordance with the RIA requirements and compliance procedures under applicable law.
The agreement with the participant shall be terminated for the following reasons, in particular, due to non-compliance with the requirements :
- The participant or its owner is included in the list of special categories of citizens and prohibited persons of the US Treasury Department or in the list of problematic banks of another country;
- The participant has been identified as a person known to be involved in money laundering; or
- Use of inappropriate media; and/or Participant has become an unacceptable risk for the company in accordance with RIA's policy on regulatory compliance.
3.3 Clearing banks and settlement procedures
The bank settlement accounts maintained by the Participants and RIA are used to settle transactions through the RIA International Network. Payment and collection of funds can be carried out at a specific bank or the funds can be paid by an agent by bank transfer or debit card. RIA settles its Participants using global accounts in accordance with the terms of settlement under the money transfer agreement and the procedures provided for notifying the other party and providing it with the latest bank account data.
RIAs follow these steps to manage settlement risks and ensure the safety of client funds.
· Fund protection: RIAs segregate client funds into separate accounts separate from their own to comply with regulatory requirements and ensure that third parties cannot claim these funds.
· Settlement Process: Payments are managed by the RIA Global Treasury/Finance team, which arranges settlements with Participants according to agreed schedules. Settlements are made via bank transfers through RIA Global accounts in accordance with the agreements made.
· Credit terms: For subsequent payment, RIA requires a credit check and may request deposits or guarantees to manage risks.
· Frequency and Financing: The frequency of settlement is set in the agreement (from daily to monthly) depending on the time zone, as needed, using short-term financial instruments.
· Exchange of banking information: RIA and Participants exchange banking details in advance to facilitate settlement.
This approach ensures the protection of client funds and supports efficient and secure settlement operations.
3.4 Additional Participant Obligations and Regulatory Compliance
Participants are required to promptly notify RIA of any events that may materially adversely affect their ability to perform their services and/or obligations and to receive any notices from any governing body or regulatory body, law enforcement or judicial authorities related to the RIA Payment System and money transfers. RIA may suspend or terminate services with a Participant who fails to comply with applicable law or RIA’s policies and procedures regarding compliance with the requirements.
Participants shall comply with all laws and regulations governing money transfer activities by obtaining and maintaining all necessary licenses or permits in accordance with the requirements of the relevant regulatory, governmental or other bodies, agencies or organizations, including by adopting and implementing programs and policies to combat money laundering, corruption or fraud in accordance with applicable laws and RIA procedures for regulatory compliance, appointing a compliance officer and providing appropriate training to its employees. The Participant shall notify the National Bank of the Republic of Kazakhstan of the adoption of any mandatory measures to control money transfers and, where applicable, of any reporting requirements to any governing bodies or regulatory authorities. The Participant shall retain all transaction information, due diligence documentation, and documentation of compliance efforts related to the Transaction for a period of at least five (5) years or as required by local law, whichever is longer, in order to respond to requests for information within a reasonable period of time. The Participant shall cooperate fully with the RIA, any governing or regulatory authorities, and law enforcement agencies in connection with compliance matters.
4. COMPLIANCE WITH HONOUR REQUIREMENTS, SAFETY MEASURES AND RISK MANAGEMENT
RIA has been operating in the money transfer industry for over 35 years and continues to be involved in risk assessment, which has contributed to its tremendous growth in such a short period of time. RIA continues to operate with qualified teams and infrastructure in accordance with applicable legislation to carry out its money transfer activities.
4.1 Personnel qualifications and safety risks
Participants shall ensure that their personnel are appropriately qualified and trained to perform money transfer activities. Participants shall designate a compliance officer who shall implement and monitor the Participant’s anti-money laundering policies and procedures. Participants shall report to the relevant governing bodies or regulatory authorities and to the RIA staff any incidents in which the Participant suspects fraud, money laundering or terrorist financing.
All RIA employees receive an employee handbook upon hire that includes a detailed overview of RIA's security policy. This policy governs the use of company resources, including computers, email, and the Internet.
RIA provides its employees with the equipment they need to perform their daily duties, including laptops, desktop computers, and related hardware and software. Employees are instructed not to store personal or private documents on company-provided equipment, as these devices and their contents are the property of the company. By signing the employee handbook, all employees waive their right to confidentiality with respect to any information that is proprietary to the company.
RIA’s internal software has well-defined access controls that are remotely managed by authorized personnel. Access to the software is granted on a need-to-know basis, ensuring that employees only have access to the resources they need to perform their duties. For example, customer service employees can only access areas related to customer service operations.
RIA also supports a comprehensive training program to ensure that all employees are aware of potential risks and fully understand the IT policies they must adhere to. As part of the information security program, key management and system elements are routinely tested, primarily by licensing departments and internal IT auditors. This ensures that all procedures are followed and all control measures are effective.
4.2 Risks associated with the use of hardware and software
The Participant shall have a training program in place to ensure that all employees are aware of potential risks and are informed of the information technology use policies they must adhere to. All Participants shall establish relevant controls and systematic procedures in accordance with the RIA policy and applicable law.
To further mitigate risks associated with devices and software, RIA has implemented the following controls:
1. Data Encryption: All sensitive data stored on company devices is encrypted to protect against unauthorized access in the event of theft or loss.
2. Multi-factor authentication (MFA): MFA is required for access to all critical systems, adding an extra layer of security beyond passwords.
3. Automatic update management: All company devices are regularly updated by installing the latest security patches to protect against known vulnerabilities.
4. Endpoint Protection: All company devices have advanced antivirus and anti-malware solutions installed to detect and prevent malicious activity.
5. Device Monitoring and Auditing: Device usage is monitored and regularly audited to identify any unauthorized or suspicious activity.
6. Data Loss Prevention (DLP) Policy: DLP technologies are used to monitor and control the transmission of sensitive data to prevent accidental or intentional disclosure of data.
7. Physical Security Measures: All company devices are equipped with physical security measures, such as cable locks, to prevent theft.
RIA has a comprehensive set of security policies and technical documents that are reviewed annually and comply with the best industry standards. Some of them are listed below:
· Information security policy
· Security incident response policy
· Remote access policy
· Logical access policy
· Data classification policy
· Vulnerability management policy
· Data encryption policy
4.3 Risk associated with legal issues
RIA employs a team of legal experts in various countries who analyze and advise on all matters related to its operations, both internationally and in accordance with local legal requirements. This reduces the legal risks that RIA may face.
4.4 Regulatory compliance risk
RIA is committed to conducting its business in accordance with the highest legal and ethical standards, while maintaining security and integrity. We have established strict standards for compliance with applicable regulations designed to assist in the detection and prevention of money laundering and terrorist financing, as well as any other laws and regulations that apply to RIA’s financial services activities. Participants are required to cooperate with RIA in fulfilling its regulatory compliance obligations and to promptly respond to all inquiries.
4.4.1 Compliance Risk Management Program
RIA has implemented an effective Compliance Risk Assessment Program to identify areas of potential money laundering, terrorist financing, and consumer fraud, as well as to assist in identifying instances of non-compliance with the Participant's compliance policy .
4.4.2 "Know your agents and foreign participants"
RIA has developed policies, procedures and controls in accordance with applicable laws and regulations to ensure the security of customer funds and protect against money laundering and terrorist financing, to identify and identify customers and/or any unusual/suspicious activity, and to protect the company from financial, operational and legal risks. RIA will conduct comprehensive financial and legal due diligence on its agents, correspondent banks and Participants.
RIA:
- Conducting comprehensive financial and legal due diligence for all foreign Participants.
- Monitoring the operations of foreign Participants using a risk-based approach.
- Developed a policy to ensure corrective actions and termination of activities of foreign Participants who fail to comply with written policies and procedures.
4.4.3 Operations Monitoring Program
RIA has developed a comprehensive Transaction Monitoring Program that: (i) identifies unusual/suspicious activity related to applicable AML and bank secrecy laws, terrorist financing, and fraud risk; (ii) investigates transactions that are considered unusual/suspicious or fraudulent; (iii) documents relevant circumstances; (iv) reports unusual/suspicious activity to senior management in accordance with policy and applicable law; and (v) utilizes advanced technology systems to report suspicious activity to the government, as required by policy and law. RIA has established a team of compliance specialists and analysts to assist in ensuring the protection of the Company’s financial network, RIA brands, and to report suspicious activity related to AML, terrorist financing, and fraud risk. Participants are required to cooperate with the RIA and promptly respond to all inquiries to fulfill their regulatory compliance obligations.
4.4.4 Sanctions Compliance Program
RIA is committed to full compliance with sanctions within the jurisdiction in which it operates, including compliance with U.S. sanctions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control. Transactions may be subject to various national and international sanctions lists, such as the U.S. Treasury Department’s Office of Foreign Assets Control’s List of Specially Designated Nationals and Prohibited Persons, the U.S. Treasury Department’s Office of Foreign Assets Control’s Consolidated Sanctions List, and other applicable local jurisdictions. Possible overlaps are noted, and Participants may only unblock such transactions after obtaining approval from RIA’s Compliance Department.
RIA maintains a comprehensive program to ensure compliance with applicable economic sanctions and may take necessary measures to prevent or suspend the initiation of activities of Participants in the RIA International Network and the implementation of transactions on behalf of, for the benefit of and on behalf of any individual, legal entity, country or organization subject to such sanctions.
4.4.5 Training
Staff training
Participants are required to implement an effective staff training program. An anti-money laundering training program is essential to the success of any compliance program. The purpose of compliance training is to ensure that each employee has a good understanding of the laws and regulations with which they are required to comply, including:
- Introducing new employees to the job
- Provide ongoing training to all employees
- May provide for retraining as needed.
4.4.6 Maintaining report documentation
Regulatory authorities require financial institutions to maintain records of their transactions. In this regard, RIA has adopted appropriate recordkeeping policies in accordance with each jurisdiction, and the Participant is required to adhere to the recordkeeping policies established for the Republic of Kazakhstan.
4.5 Risks associated with the use of the operating system and software
RIA has a dedicated team of fraud specialists who constantly monitor and manage fraud prevention measures. Their responsibilities include, among others :
- Work hand-in-hand with the team to ensure compliance in order to study and research market trends
- Control of built-in system functions
- Security token management
- Working "hand in hand" with the Police Technology Department
- Consulting and training participants
- Formation of teams to conduct post-operation investigation
Participants are required to fully cooperate with RIA in implementing its policies and procedures related to this risk, including, without limitation, filtering suspicious transactions, identifying unusual orders, automatically logging out of the system when there is no activity on the site, and conducting transactions outside of established business hours.
RIA’s Software Control Department operates 24/7 to support the company’s global presence. With offices in multiple countries, RIA ensures the continued operation of its software centers, ensuring the continued operation of critical services in all regions where RIA does business. 24/7 staff availability is an important element of RIA’s commitment to operational stability, which is included in RIA’s business continuity plan.
To mitigate information technology security risks, RIA takes the following measures:
· Systematic backup: All software and databases are backed up regularly, ensuring data integrity and availability in the event of a system failure.
· Advanced threat protection: RIA uses sophisticated antivirus and anti-malware solutions to protect against viruses, hacker attacks, and other malicious activities.
· Intrusion Detection and Prevention Systems (IDPS): Continuous monitoring of network traffic helps detect and prevent unauthorized access or attacks in real time.
· Automated system monitoring: Critical systems are monitored for any faults or signs of abnormal behavior and automatically notified for immediate action.
· Redundant systems: RIA supports redundant systems and failover capabilities to ensure continuous operation in the event of a system or equipment failure.
· Fraud Detection Mechanisms: RIA uses advanced fraud detection systems to prevent fraudulent activities to protect its systems and clients.
· Access Control and User Authentication: Strict access control measures and user authentication processes have been implemented to ensure that only authorized personnel have access to sensitive systems and data.
RIA has a comprehensive, documented disaster recovery plan that outlines specific steps to be taken in the event of a natural or man-made disaster. This plan ensures rapid restoration of services and minimizes downtime.
These measures and procedures are an integral part of RIA's strategy to mitigate operational, systemic and programmatic risks, ensuring the stability and reliability of the company's global operations.
4.6 Information security
Participants are responsible for ensuring the security of their proprietary systems used in connection with the performance of their obligations by developing and maintaining an information security program that includes appropriate measures in accordance with applicable law and commercially reasonable industry standards to ensure security and confidentiality, integrity, and availability.
All relevant security information regarding the security policy is included in the RIA information security program.
5. CONDITIONS OF PARTICIPATION IN THE PAYMENT SYSTEM
The Participant has the right to participate in the RIA Payment System in accordance with the terms and conditions of the agreement concluded between the Participant and RIA, as well as based on the results of a comprehensive financial and legal due diligence of the Participant, conducted in accordance with RIA's policies and procedures for ensuring regulatory compliance and executing transactions. Termination of the Agreement and participation in the RIA Payment System shall be terminated in accordance with the concluded agreement.
5.1 Procedures for resolving insolvency and reviewing violations by payment system participants
The Agreement between RIA and the Participant expressly grants the parties the right to terminate it immediately at any time and upon written notice to the other party in the following cases (among others): (i) if one of the parties is declared insolvent or admits it or is otherwise unable to pay its debts as they fall due; (ii) after the commencement of any legal proceedings (whether voluntary or compulsory) for bankruptcy, insolvency or relief from creditors; (iii) if a regulatory authority initiates an investigation into the party that has caused material harm to its operations or business reputation; (iv) if one of the parties fails to obtain or maintain in force all necessary licenses and/or permits to carry out the activity; (v) if one of the parties breaches the terms of the Agreement; (vi) if one of the parties is not satisfied with the other party’s internal control policies, procedures or measures relating to anti-money laundering/countering the financing of terrorism legislation. In addition, RIA has the right, in its sole discretion, to suspend, cancel or withhold any money transfer transaction that may be made in accordance with the terms of the agreement with each Participant. Accordingly, in the event of a Participant’s insolvency or failure to comply with these Rules, RIA has the right, if it deems it necessary, to suspend, cancel or withhold any money transfer transaction or service.
Rules of Payment System RIA
for the Republic of Kazakhstan
Dandelion Payments, Inc. dba RIA Money Transfer,
acting as a Payment System Operator
January 2025
CONTENTS
1 INTRODUCTION AND DESCRIPTION OF THE PAYMENT SYSTEM
PROCEDURE 2 OPERATION OF THE PAYMENT SYSTEM
2.1 Procedure for implementation of translations
2.2 Description of services provided by RIA and Graphic Work
2.3 General requirements for operations
2.4 Procedure for interaction between RIA and Participants. The procedure for using information on a payment order
2.5 Requirements for RIA services for making cash payments
2.6 Requirements of RIA for Money Transfer Services
2.7 Cancellation of RIA payment order/refund
2.8 Customer Service RIA
3 PROCEDURE FOR CONNECTION/TERMINATION OF PARTICIPATION IN THE INTERNATIONAL NETWORK RIA
3.1 Analysis of creditworthiness of the Participant
3.2 The procedure for identification of the client (according to the rule "znay svoje klienta") and its assessment
3.3 Clearing banks and settlement procedures
3.4 Additional obligations of the Participant and legal compliance
4 COMPLIANCE WITH TREBOVANIY, MARY BEZOPASNOSTI IT AND UPRAVLENIE RISKAMI
4.1 Qualification of personnel and risk associated with security
4.2 Risk associated with the use of hardware and software
4.3 Risk associated with legal issues
4.4 Risk of regulatory and legal compliance
4.5 Risk associated with the use of the operating system and software
4.6 Information security
5 УКЛОВИЯ УЧАСТИЯ В PLATEZHNOY SYSTEM
5.1 Procedures for resolution of insolvency and consideration of violations on the part of Participants of the payment system
1. INTRODUCTION AND DESCRIPTION OF THE PAYMENT SYSTEM
Dandelion Payments, Inc. dba RIA Money Transfer (" RIA ") is part of the money transfer division of RIA Corporation Euronet Worldwide, Inc. (" Euronet "). Euronet provides secure electronic payment solutions for financial institutions, retailers, service providers and individual consumers, both domestically and internationally. RIA is one of the international money transfer operators (" MODP ") that offers our clients worldwide services related to both sending and receiving money transfers. RIA has an extensive network of branches engaged in sending money transfers, which are located in North America, Europe, Asia and Australia.
Payment System RIA is a money transfer system managed by RIA, which is considered the Payment System Operator in accordance with the Law of the Republic of Kazakhstan "On Payments and Payment Systems" dated July 26, 2016 No. 11-VI, with possible amendments and additions (" Law on Payment Systems "). These Rules, provided in relation to the activity of the RIA Payment System Operator, and any amendments to them, introduced from time to time (" Regulations "), as well as the terms used in this regard, are intended exclusively for the fulfillment of the requirements of Article 5 of the Law on Payment Systems in the Republic of Kazakhstan, and will be posted on the site specified by the RIA for the Republic of Kazakhstan, with a corresponding notification to the National Bank of Kazakhstan (" RIA Rules for Kazakhstan "). These Rules and other documents provided by RIA to Participants who have all the necessary licenses and permits for the implementation of money transfers in the Republic of Kazakhstan in accordance with the agreement on money transfers concluded with RIA (" Participants ") are considered the Payment System of RIA in relation to the Republic of Kazakhstan. RIA may amend these Rules at any time without prior notice to any party, and these Rules and subsequent changes shall be effective from the date of posting on the RIA Site for Kazakhstan, unless otherwise specified by RIA. These Rules may not be enforced in a court of law against RIA by any third party, RIA does not assume any obligations to any party as a result of the provision of these Rules, and none of the provisions contained in these Rules shall be deemed to grant any right or benefit to any party.
The commission fee charged for customer service in connection with the implementation of money transfers sent to the Republic of Kazakhstan (" Commission "), and any changes to this Commission, will be published on the RIA website for Kazakhstan. Participants can apply only the Commission published on the RIA for Kazakhstan website .
2. PROCEDURE OF OPERATION OF THE PAYMENT SYSTEM
2.1 Procedure for implementation of translations
All Participants of the Money Transfer System RIA sign a money transfer agreement with the RIA. Such agreements provide for rules regulating procedures between Participants, as well as obligate Participants to comply with the requirements of the RIA Payment System based on the Law on Payment Systems.
Participants, who are independent legal entities and possess all necessary licenses and permits for the implementation of money transfers in the Republic of Kazakhstan, will cooperate with RIA on a non-exclusive basis in order to provide money transfer services to clients in the Republic of Kazakhstan.
RIA processes payment orders in its international network, takes measures to prevent and counter laundering of money obtained by criminal means (" Anti-legalization of money obtained by criminal means" ), and other actions related to compliance with legislative requirements and also uses software that will facilitate the proper implementation of money transfers. RIA works with a network of international banks - correspondents and agents in accordance with the rules and regulations of sending countries, rules established by regulatory bodies within the relevant jurisdictions, including the legislation of the United States of America.
RIA receives payment orders from clients through 1) its network of correspondent banks or agents in these countries and 2) its offices in certain countries 3) online digital channels (" International Network ") for payment to the recipient in countries where RIA operates through its International Network. Correspondent banks and agents in each country work using proprietary software.
With regard to the instructions for payment orders received by the Participant from RIA for the implementation of payment in favor of the recipient in the Republic of Kazakhstan (" Services for the implementation of monetary payments" ), the Participants will act in accordance with the received payment instructions and will provide funds to the recipients in the Republic of Kazakhstan in the agreed currency and in the amount specified in the instructions for payment orders. Funds are provided to the recipient subject to valid and convincing identification in accordance with the requirements of local law and RIA procedures, including verification of the identity of any personal identification number (PIN) RIA. If the payment of funds for any reason cannot be carried out within the framework of the procedures of the RIA, the Participant must immediately notify the RIA of the relevant reasons. The Participant must provide RIA with confirmation of payment, and must also keep records in accordance with current legislation and RIA procedures.
In order for the Participant to receive money transfer funds and commissions from the client in the Republic of Kazakhstan for the purpose of initiating a money transfer operation (" Services for the implementation of money transfers "), the Participant must act in accordance with the applicable laws and procedures of the RIA, including compliance with all client identification procedures, appropriate preliminary checks to detect fraud, countering the legalization of money obtained through crime, and other regulatory checks necessary for the initiation operations, disclosure of information and obtaining consent from the client in the Republic of Kazakhstan. Participants use the RIA payment system for the purpose of initiating and sending payment instructions to the RIA address for payment to recipients in the International RIA Network in accordance with the current legislation and procedures of the RIA.
2.2 Description of services provided by RIA and Graphic Work
RIA provides services for the implementation of money transfers between clients through its International network in more than 595,000 branches and in more than 198 countries and territories of the world. RIA provides, through Participants in the Republic of Kazakhstan, the collection of funds intended for money transfers, in order to initiate Services for the implementation of money transfers for the benefit of recipients in the International RIA network. In addition, RIA provides services for the implementation of cash payments, through Participants in the Republic of Kazakhstan, for the benefit of recipients in the Republic of Kazakhstan by means of receiving cash ( Cash Pick Up ) and crediting monetary amounts to the account ( Account Deposit ).
There are 2 payment methods in the Republic of Kazakhstan.
- Payment in cash
- Account
2.2.1 Payment in cash means the Services for the implementation of cash payments, when the Participant pays cash to the recipient at the place of his actual location in accordance with the instructions for the payment order, the current legislation and the procedures of the RIA, including, among other things, verification of such operation using a PIN code and valid identification of the recipient.
2.2.2 Transfer of money to the account means Services for the implementation of monetary payments, when the Participant transfers funds directly to the recipient's bank account in accordance with the instructions for the payment order, current legislation and procedures of the RIA.
Participants in the Republic of Kazakhstan use their banking network to transfer money to the recipient's bank accounts. If the name and number of the account do not match, the money is not credited to the account, and the payment order is canceled by RIA. Participants can contact the recipients to check the correctness of the bank information and notify them that the money will be credited in a timely manner.
Participants can, in cases permitted by the current legislation, offer to transfer money to an account in the Republic of Kazakhstan through Remote Channels .
Providing money transfers through Remote Channels is an opportunity for the client to connect to the remote access servers of the Participant, enter the Participant's network from remote locations (devices), using a bank debit/credit card. To use the Remote Channel, the client must register with the Participant and open a bank account with the Participant before starting the money transfer operation. Remote Channels are used to provide Services for making cash payments and Services for making money transfers and are limited only to those clients of the Participant who were properly registered at the time of opening a bank account and before the start of the money transfer operation, in respect of which a complex financial and legal check was conducted in accordance with the current legislation, while the client and the operation are monitored .
The participant must set filters and restrictions in accordance with current legislation. The client has the opportunity to receive/send money only to his/her account exclusively within the Republic of Kazakhstan. The Participant is obliged to ensure the availability of proper authorizations to conduct operations using Remote Channels in accordance with the laws and regulations in force within the respective jurisdictions.
Remote Channels can consist of the following options:
- Bank payment terminal
- ATMs
- Internet banking system or mobile banking service
- Call center bank (if applicable)
- Mobile payments
2.2.3 Payment System schedule. Participants provide services for the implementation of cash payments and services for the implementation of money transfers during normal working hours in all branches that offer these services. RIA employs a team of dedicated customer service representatives in some countries, as well as specialized compliance and marketing research staff to support Participants. Special customer service representatives, whom Participants can call to ask questions, file complaints and find solutions to problems, work at RIA 24 hours a day, 7 days a week, 365 days a year.
2.3 General requirements for operations
The participant must fulfill all of the following obligations:
- All operations related to sending, paying or changing money transfer orders are performed in the presence of the client.
- Clients and recipients are obliged to read and sign all receipts in which information is disclosed in accordance with the requirements of the current legislation.
- The Participant is not allowed to charge the client an additional commission for the operation, with the exception of the Commission and any other fees agreed in writing between the RIA and the Participant.
- The Participant considers all information about operations, clients and recipients as confidential or subject to disclosure to third parties, except for the cases stipulated by the agreement between the RIA and the Participant, and in accordance with the requirements of the current legislation.
- Personal information of clients and recipients is used and disclosed strictly in accordance with the current legislation and the agreement between the RIA and the Participant.
- Each user of the Participant performing operations should use his individual login and password to access the RIA Payment System for processing operations.
2.4 Procedure for interaction between RIA and Participants. The procedure for using information on a payment order
- Initiation of money transfer operations
o Money transfer orders are entered into the online system by Participants or correspondent banks and agents in the International RIA Network.
o After entering the order into the system, a receipt with an individual PIN code is printed, which the Participant provides to the sender for transfer to the recipient for the purpose of receiving money.
- Payment operation by money transfer to the recipient
o Participant or correspondent bank/agent in the International Network of RIA requests from the recipient relevant documents certifying the identity, verifies the full name (and other data) and, in accordance with the current legislation, makes a copy of the documents certifying the identity.
o In the case of either confirming information or providing correct data, payment is not made. The operation will be canceled, and the amount of the payment order and the commission charged from the sender will be returned to the sender in the amount provided by the current legislation.
o In the case of payment of funds, the system can create two copies of the receipt, one for the recipient, and the other for the Participant or correspondent bank/agent. The recipient signs both copies, and the operator pays the funds to the recipient.
o The system, as a rule, receives all payment confirmations from sending Participants or correspondent banks/agents in real time and provides Participants or correspondent banks/agents and RIA with the opportunity to view the current status of received and sent orders.
- Participants must train their employees in RIA procedures and applicable laws, including anti-money laundering programs, record keeping requirements, information security, and consumer protection and data privacy laws. Any changes to the above procedures will be published on the RIA website for Kazakhstan within the period stipulated by the current legislation, and will be additionally communicated to all Participants in the Republic of Kazakhstan.
2.5 Requirements for RIA services for making cash payments
After receiving the payment instructions from the RIA or the Participant, the other party must do the following:
- Pay the funds according to the instructions on the payment order.
- Verify each payment request by matching the personal identification number ("PIN code") provided by the recipient with the PIN code provided by the party creating the payment order. Payment of funds to the specified recipient will be made only after verification of the recipient's personal data in accordance with current legislation.
- Participants are not allowed to charge the recipient any additional commission while paying the transfer.
- Payment of the transfer can be made only if the client provides the correct PIN code, and if the recipient's personal data is confirmed in accordance with the current legislation.
- There may be minor discrepancies between the operation data in the money transfer order and the client's full name specified in the identity card. For example, Maria and Marya are the same last name. In such cases, the Participant is obliged to confirm whether the money can be paid for the transaction in accordance with its compliance verification procedures and current legislation. The Participant may also contact the RIA call center and request a change in the recipient's name, while RIA will make reasonable efforts to change the payment order, if possible.
- Payment for all money transfer operations is made in the currency specified in the money transfer order and receipts provided to recipients in accordance with current legislation, with attached copies provided for RIA according to RIA procedures.
2.6 Requirements of RIA for Money Transfer Services
- The sending of orders for the transfer of funds is carried out only after the client pays the Participant the entire amount, including the amount of the transfer by order and the Commission, and also provides the following information.
- The amount is transferred
- Currency payment
- Currency commission
- Full name of the sender
- Sender of these documents
- Name of recipient
- The sender should specify the currency in which the payment will be made by order, in accordance with the available currencies for the specific country of destination.
- The cost of the operation will be indicated in the Commission, published on the RIA website for Kazakhstan, and in the system available to the Participant during the initiation of the operation. The Participant is obliged to perform the money transfer operation only in accordance with the system requirements, the Rules published on the RIA website for Kazakhstan (taking into account possible changes and additions from time to time), the agreement between the Participant and the RIA, and also in other cases according to the procedures of the RIA.
2.7 Cancellation of RIA payment order/refund
- If the client wants to cancel the order, he/she needs to contact the Participant's office where the client issued the money order. After such a cancellation request, and if the payment has not yet been made to the recipient (in cash or on account), the RIA will refund the amount, commission for the order and fees in accordance with the applicable legislation, provided that the client provides a copy of (i) a valid order and (ii) presents a valid ID. The money transfer operation cannot be canceled or the amount can be returned if the funds have already been paid to the recipient.
- If payment for the money transfer operation is not made in favor of the recipient within 21 days, RIA will automatically cancel this operation and notify the sender about this through the Participant in the Republic of Kazakhstan or a correspondent bank/agent in the International Network of RIA.
2.8 Customer Service RIA
The Participant is obliged to contact the RIA in all cases of circumstances that may delay payment or cause complaints from clients, namely in the case of:
- Changes to the full name of the recipient
- Indications of an incorrect or incomplete phone number of the recipient
- Indications of incorrect or incomplete recipient address
It is not possible to make changes to operations if the status of the operation indicates a payment, blocking, or cancellation. It is not possible to change the country of destination or the amount of the payment order. If there is an error in specifying the country of destination or the amount of the sent payment order, it is necessary to cancel this operation and create a new one. The commission, provided in accordance with the current legislation, is subject to return to the client. Changes regarding the sending of orders for transactions can be made in two ways: in the System by bank employees of the Participant in the branch where the order was issued, or by contacting the RIA client service.
3 PROCEDURE FOR CONNECTION/TERMINATION OF PARTICIPATION IN THE INTERNATIONAL NETWORK RIA
RIA effectively assesses and manages risks associated with money laundering, terrorist financing, fraud against clients (consumers) and compliance with consumer protection laws. Compliance risk assessment will allow to determine the risks associated with the regulatory framework, the products and services offered, the geographical location of the operations and the delivery channels used to deliver the products and services to the consumer.
The purpose of risk assessment is to identify common risks in each area outlined above, develop policies and procedures to mitigate such risks, and effectively assess and manage residual risks.
Before establishing business relations with Participants, RIA conducts a complex financial and legal audit of each Participant:
- analysis of creditworthiness of the Participant
- the procedure for identification of the client (according to the rule "znay svoje klienta") and his assessment
3.1 Analysis of creditworthiness of the Participant
RIA conducts an analysis of the Participant's creditworthiness ("Participant Credit Analysis") for each company that applies for Participant status, analyzes the overall credit risk of the RIA in relation to the Participant, as well as the relative creditworthiness of the Participant and the relevant jurisdiction. The Participant must provide certain documentation and information upon request to the RIA to complete this analysis and evaluation of the Participant. This procedure describes how the RIA assesses and manages the credit and liquidity risks associated with the Participants in order to reduce the potential threat of bankruptcy in the payment system.
● Management of credit and liquidity risks:
RIA conducts a thorough examination of the financial stability, creditworthiness and operational history of each Participant to identify potential risks. This includes analysis of financial statements, profitability, credit obligations and economic stability of the jurisdictions in which they operate.
Credit obligations and risk reduction:
RIA evaluates credit obligations based on the volume of transactions of the Participant, payment methods and required security deposits. Situations with higher risk are subject to additional credit risk management measures.
Constant monitoring and management of liquidity:
The Treasury Department of the RIA daily monitors cash flows and liquidity needs to ensure the availability of funds to support the operating cycle and promptly respond to possible cash shortages.
Risk assessment:
Participants are assigned a risk rating based on their financial condition and operational factors, which helps to make decisions on the terms of contracts and measures to reduce risks.
Reduction of risks and emergency measures:
For high-risk Participants, the RIA may implement additional security measures, such as payment confirmations, financial guarantees or operational restrictions, to minimize risks.
This procedure ensures the stability and security of the payment system, maintaining strict control over financial and liquidity risks associated with RIA Participants.
3.2 The procedure for identification of the client (according to the rule "znay svoje klienta") and its evaluation
RIA has established a client identification procedure for establishing contractual relations in order to ensure that all agents have a good reputation and a reliable financial position. For this purpose, Participants must comply with the client identification procedure before establishing contractual relations. The client identification procedure for the establishment of contractual relations is intended to verify the final beneficiaries (actual users) of the Participants, as well as to verify the information provided by the Participants. The Participant is obliged to provide RIA with certain documentation and information for conducting a complex financial and legal examination, including the "Know Your Client" client identification procedure in accordance with the RIA's policy and procedures for combating money laundering and terrorist financing.
For certain participants, an extended complex financial and legal examination is carried out using an approach based on risk assessment.
The regulatory compliance department approves each Participant before it starts making money transfers within the framework of the agreement with the RIA in accordance with the procedures for checking compliance with the requirements of the RIA and the current legislation.
The agreement with the Participant, in particular, is terminated for the following reasons related to non-compliance with the requirements :
- Participant or its owner is included in the list of special categories and prohibited persons of the Ministry of Finance of the USA or in the list of problem banks of another country;
- Participant is defined as a person who has been involved in money laundering ; or
- Use of unacceptable negative mass media; and/or the Participant becomes an unacceptable risk to the company in accordance with the RIA policy on regulatory compliance.
3.3 Clearing banks and settlement procedures
Settlement bank accounts maintained by Participants and RIA are used for settlement of operations through the International RIA network. Payment and collection of funds can be made physically in the bank or funds can be paid by bank transfer to an agent or with the help of a debit card. RIA makes settlements with its Participants using global accounts in accordance with the terms of settlements under money transfer agreements, and procedures provided for informing the other party and transferring the latest data on the RIA bank account.
RIA follows these steps to manage settlement risks and ensure the safety of client funds:
· Protection of funds: RIA segregates client funds into separate accounts, separate from its own, in order to comply with regulatory requirements and guarantee that third parties cannot claim these funds.
· Settlement process: Payments are managed by the RIA's global treasury/finance team, which regulates settlements with Participants in accordance with agreed schedules. Calculations are carried out through bank transfers through global RIA accounts, in accordance with the concluded agreements.
· Credit conditions: For post-payment, RIA requires a credit check and may request a deposit or guarantee for risk management.
· Frequency and financing: The frequency of payments is established in the agreement (daily to monthly), using short-term financial instruments as necessary depending on time zones.
· Exchange of bank information: RIA and Participants exchange bank details in advance to simplify calculations.
This approach ensures protection of clients' funds and supports efficient and safe settlement operations.
3.4 Additional obligations of the Participant and legal compliance
Participants are obliged to immediately notify RIA of events that could have a significant adverse effect on its activities and/or its ability to fulfill its obligations and to receive any communications from the governing or regulatory body, law enforcement or judicial authorities related to the RIA Payment System and money transfers. RIA may suspend or terminate activity with a Participant who does not comply with applicable laws or policies and procedures regarding compliance with RIA requirements.
Participants are obliged to comply with all laws and regulations that regulate activities related to the transfer of funds by obtaining and maintaining in force all necessary licenses or permits in accordance with the requirements of the relevant regulatory, governmental or other bodies, agencies or organizations that regulate money transfers, including, but not limited to, the adoption and implementation of programs and policies to combat the legalization of proceeds of crime, the fight against corruption and fraud in accordance with RIA's applicable laws and procedures for regulatory compliance, appointment of a compliance officer, and training of employees accordingly. The Participant is obliged to notify the National Bank of the Republic of Kazakhstan about the adoption of any mandatory measures of control over money transfers and the fulfillment of any reporting requirements to any governing or regulatory bodies, if necessary. The Participant is required to keep all information on transactions, accounting documentation of complex financial and legal expertise of clients, and documents related to its efforts to ensure compliance with respect to transactions for at least five (5) years or during the period provided by local legislation, depending on which period will last longer, in order to fulfill requests for the provision of information within a reasonable period of time. Participants are required to fully cooperate with the RIA, any governing or regulatory bodies, and law enforcement agencies in connection with regulatory compliance issues.
4 COMPLIANCE WITH TREBOVANIY, MARY BEZOPASNOSTI IT AND UPRAVLENIE RISKAMI
RIA has been operating in the field of money transfers for more than 35 years and continues to assess risks in this connection, which contributes to its huge growth in such a short time. RIA continues to work with qualified teams and infrastructure in accordance with current legislation to carry out its money transfer activities.
4.1 Qualification of personnel and risk associated with security
Participants are obliged to ensure that their personnel have the appropriate qualifications and have received appropriate training to perform money transfer services. The Participants appoint a compliance officer who will implement and monitor compliance with the Participant's policy and rules for countering money laundering. The Participant is obliged to inform the relevant governing or regulatory bodies and RIA employees of any events in which the Participant suspects the presence of facts of fraud, money laundering or terrorist financing.
All RIA employees receive an Employee Handbook upon hiring, which contains a detailed overview of the RIA Security Policy. This policy governs the acceptable use of company resources, including computers, e-mail and the Internet.
RIA provides its employees with the equipment they need to perform their daily tasks, including laptops, desktop computers, and related hardware and software. Employees are instructed not to store personal or private documents on company-provided equipment, as these devices and their contents are considered company property. Having signed the notification of receipt of the Employee Handbook, all employees waive the right to confidentiality in relation to any information stored on the property of the company.
RIA's internal software has clearly defined access control measures that are remotely managed by authorized personnel. Access to the software is provided on an as-needed basis, which ensures that employees have access only to the resources necessary for their work. For example, customer service personnel have access only to those areas related to customer service operations.
RIA also maintains a comprehensive training program to ensure that all employees are aware of potential threats and fully understand the IT policies they must follow. Key management and system elements within the information security program are regularly tested, mainly by licensing departments and internal IT auditors. This guarantees compliance with all procedures and effectiveness of all control measures.
4.2 Risk associated with the use of hardware and software
The Participant must have a training program that will allow all employees to know about possible threats, as well as inform them about the policy of using information technologies, which they must comply with. All Participants should establish key controls and system procedures in accordance with RIA policy and applicable law.
To further reduce risks associated with hardware and software, RIA has implemented the following control measures:
1. Data encryption: All sensitive data stored on company devices are encrypted to prevent unauthorized access in case of loss or theft.
2. Multi-Factor Authentication (MFA) : MFA is required to access all critical systems, adding an additional layer of security beyond passwords.
3. Automated update management: All devices of the company are regularly updated with the installation of the latest security patches to protect against known vulnerabilities.
4. Protection of end devices: Advanced antivirus and antimalware solutions are installed on all devices of the company to detect and prevent malicious actions.
5. Monitoring and auditing of devices: Constant monitoring of the use of devices and regular audits are carried out to detect any unauthorized or suspicious activity.
6. Data Loss Prevention Policy (DLP): DLP technologies are used to monitor and control the transfer of sensitive data to prevent its accidental or malicious distribution.
7. Physical security measures: All company devices are equipped with physical security measures, such as cable locks, to prevent theft.
RIA has a complete set of security policies and technical documents that meet the best industry standards, which are reviewed annually. Some of them are listed below:
· Information security policy
· Safety incident response policy
· Remote access policy
· Logical access policy
· Policy classification of data
· Vulnerability management policy
· Data encryption policy
4.3 Risk associated with legal issues
RIA uses a group of experts on legal issues in different countries who analyze and advise on all issues related to operational activities at the international level, as well as in accordance with the requirements of local legislation. This reduces the legal risks that RIAs may face.
4.4 Risk of regulatory and legal compliance
RIA strives to carry out its activities in compliance with the requirements of safety and reliability according to the highest legal and ethical standards. We have established strict standards for compliance with applicable regulations designed to assist in the detection and prevention of money laundering and terrorist financing attempts, as well as compliance with any other laws and regulations that apply to the activities that RIAs perform in servicing money transactions. Participants are obliged to cooperate and immediately respond to all requests of the RIA to fulfill their obligations under regulatory and legal compliance.
4.4.1 Compliance risk management program
RIA has implemented an effective Compliance Risk Assessment Program to identify key areas of potential money laundering, terrorist financing and consumer fraud, as well as to assist in identifying cases of Participant non-compliance with the Compliance Policy .
4.4.2 "Know your agents and foreign participants"
RIA has developed policies, procedures and controls in accordance with applicable laws and regulations to ensure the safety of consumer funds and protection against money laundering and terrorist financing, detection and identification of clients and/or any unusual/suspicious activity, as well as to protect the company from reputational, operational and legal risks. RIA will conduct complex financial and legal examination of its agents, bank correspondents and Participants.
RIA has developed a policy for:
- Conducting extended complex financial and legal expertise of all foreign Participants.
- Monitoring operations of foreign participants using a risk assessment approach.
- Ensuring corrective actions and termination of activities of those foreign participants who do not comply with the stated policies and procedures.
4.4.3 Program monitoring operations
RIA has developed a comprehensive Operations Monitoring Program, which uses high-tech systems to: (i) detect unusual/suspicious activity related to applicable anti-money laundering laws and secret banking operations, terrorist financing and fraud risk; (ii) investigations of transactions that are considered unusual/suspicious or fraudulent; (iii) documentation of relevant cases; (iv) reporting unusual/suspicious activity to senior management in accordance with policy and applicable law; and (v) reporting suspicious activity to the government, if required by policy and law. RIA has established a team of compliance specialists and analysts responsible for assisting in the protection of the company's financial network, RIA brands, and reporting suspicious activity related to anti-money laundering, the Bank Secrecy Act, terrorist financing and fraud risks. Participants are obliged to cooperate and immediately respond to all requests of the RIA to fulfill their obligations under regulatory and legal compliance.
4.4.4 Program compliance sanctions
RIA advocates full compliance with sanctions within the jurisdictions in which it operates, including compliance with US sanctions imposed by the US Department of the Treasury's Office of Foreign Assets Control. Transactions may be cross-checked against various national and international sanctions lists, such as the Special Categories and Prohibited Persons List of the US Department of the Treasury's Office of Foreign Assets Control, the Consolidated Sanctions List of the US Department of the Treasury's Office of Foreign Assets Control, and the sanctions list in effect in other applicable local jurisdictions. Possible coincidences are noted, while Participants can unblock such operations only after receiving permission from the RIA Compliance Department.
RIA maintains a comprehensive program to ensure compliance with applicable economic sanctions and may take the necessary measures to prevent or suspend the start of activities of Participants in the RIA International Network, or the implementation of operations on behalf of, on behalf of, or in the interests of an individual, legal entity, country or organization to which such sanctions apply.
4.4.5 Training
Training personnel
Participants are obliged to implement an effective personnel training program. The program of training measures to combat the legalization of money obtained through criminal means is necessary for the success of any program to ensure regulatory and legal compliance. The purpose of compliance training is to ensure that each employee clearly understands the laws and regulations that he is required to comply with, which may include:
- Acquaintance of new employees with specific work
- Current training for all employees
- Perepodgotovku as necessary
4.4.6 Storage of accounting documentation
Regulatory bodies require financial institutions to keep records of their operations. In this regard, the RIA has adopted an appropriate record keeping policy in accordance with each jurisdiction, while the Participant is obliged to adhere to the record keeping policy provided for by the Republic of Kazakhstan.
4.5 Risk associated with the use of the operating system and software
RIA has a team of specially designated anti-fraud specialists who constantly monitor and manage fraud prevention measures. My duties include, among other things, the following :
- Working hand-in-hand with the team to ensure compliance with the purpose of studying and researching market trends
- Management of built-in system functions
- Management token security
- Work "hand to hand" with the Department of Technology Police
- Consulting and training of participants
- Formation of groups engaged in investigation after the completion of operations
Participants must fully cooperate with the RIA in implementing its policies and procedures related to this risk, including, without limitation, filtering of suspicious transactions, detection of unusual orders, automatic logout after inactivity on the site and conducting transactions outside of designated business hours.
The RIA software control department works around the clock to support the company's global presence. Having offices in various countries, RIA ensures the constant operation of its program centers, guaranteeing continuous operation of critical services in all regions where RIA conducts business. 24/7 staffing is a key element of RIA's commitment to operational sustainability, as reflected in RIA's Business Continuity Plan.
RIA applies the following measures to reduce the security risks of information technologies:
· Regular backup: All software and databases are regularly saved, which ensures data integrity and availability in case of system failure.
· Advanced threat protection: RIA uses sophisticated antivirus and antimalware solutions to protect against viruses, hacking attempts, and other malicious activities.
· Intrusion Detection and Prevention System (IDPS): Continuous monitoring of network traffic helps detect and prevent unauthorized access or attacks in real time.
· Automated system monitoring: Critical systems are constantly monitored for any signs of malfunction or abnormal behavior, with automatic alerts for immediate response.
· Backup systems: RIA supports backup systems and failover capabilities to ensure continuous operation in the event of system or equipment failure.
· Fraud detection mechanism: RIA uses advanced systems to detect fraudulent activities in order to prevent them and protect its systems and clients.
· Access control and user authentication: Implemented strict access control measures and user authentication processes to ensure access to sensitive systems and data by only authorized personnel.
In the event of a natural or man-made disaster, RIA has a comprehensive, documented disaster recovery plan that describes the exact steps to be taken. This plan guarantees fast service recovery and minimal downtime.
These measures and procedures are an integral part of RIA's strategy to reduce operational, system and software risks, ensuring stability and reliability of the company's global operations.
4.6 Information security
Participants are responsible for ensuring the security of their own systems used in connection with the fulfillment of their obligations when developing and maintaining an information security program that contains appropriate measures in accordance with current legislation and commercially reasonable industry standards designed to ensure security and confidentiality,
integrity and availability.
All relevant security information related to the security policy is included in the RIA Information Security Program.
5 УКЛОВИЯ УЧАСТИЯ В PLATEZHNOY SYSTEM
The Participant has the right to participate in the RIA Payment System based on the results of a comprehensive financial and legal examination of the Participant conducted by the RIA, in accordance with the terms and conditions of the agreement concluded between the Participant and the RIA, as well as in accordance with the policies and procedures of the RIA for ensuring regulatory compliance and execution of operations. Termination of the agreement and participation in the RIA Payment System is terminated in accordance with the concluded agreement.
5.1 Procedures for resolution of insolvency and consideration of violations on the part of Participants of the payment system
The agreement between the RIA and the Participant expressly grants the parties the right to its immediate termination, at any time and after written notification to the other party in the following cases (among others): (i) in the event that one of the parties declares or admits that it is insolvent or is otherwise unable to repay its debt within the specified period; (ii) after initiation of any legal proceedings (whether voluntary or compulsory) on the issue of bankruptcy, insolvency or relief from the claims of creditors; (iii) in the event that a regulatory authority initiates an investigation against a party that causes material damage to its operations or business reputation; (iv) in the event that one of the parties neither obtains nor retains all necessary licenses and/or permits to carry out the activity; (v) if one of the parties violates the terms of the agreement; (vi) in the event that one of the parties is not satisfied with the policies, procedures or internal control measures of the other party that relate to legislation on combating money laundering/terrorist financing. Moreover, the RIA has the right, at its discretion, in accordance with the terms of the agreements concluded with each Participant, to suspend, cancel or withhold any specific money transfer operation. Thus, in case of insolvency or non-compliance of the Participant with these Rules, RIA has the right to suspend, cancel or withhold any money transfer operation or service, if it deems it necessary.
RIA Payment System Operator Rules
for the Republic of Kazakhstan
Dandelion Payments, Inc. dba RIA Money Transfer
as Payment System Operator
January 2025
TABLE OF CONTENTS
1 INTRODUCTION AND DESCRIPTION OF PAYMENT SYSTEM
2 PROCEDURES FOR PAYMENT SYSTEM OPERATION
2.1 Operating Procedures
2.2 Description of the Services Provided by RIA and Working Hours
2.3 General Requirements to Transactions
2.4 RIA and the Participant Interaction. The procedure for using payment order information
2.5 RIA Requirements to Money Payment Services
2.6 RIA Requirements to Money Transfer Services
2.7 RIA's Order Cancellation/ Refund
2.8 RIA Customer Service
3 PROCEDURE OF JOINING/CEASING RIA INTERNATIONAL NETWORK
3.1 Participant Credit Review
3.2 KYC Procedure and Assessment
3.3 Clearing Banks and Settlement Procedures
3.4 Participant Additional Obligations and Compliance
4 COMPLIANCE AND IT SAFETY MEASURES AND RISK MANAGEMENT
4.1 Staff Qualifications and Security Risk
4.2 Equipment and Software Risk
4.3 Legal Issues Risk
4.4 Compliance Risk
4.5 Operational Systematic and Software Risk
4.6 Information Security
5 BREACH OF PAYMENT SYSTEM RULES
5.1 Procedures for Resolving Insolvency and Addressing Violations by Participants in the Payment System
1 INTRODUCTION AND DESCRIPTION OF PAYMENT SYSTEM
Dandelion Payments, Inc. dba RIA Money Transfer (“RIA”) is a part of the RIA Money Transfer division of Euronet Worldwide, Inc. ("Euronet"). Euronet provides secure electronic payment solutions for financial institutions, retailers, service providers, and individual consumers, both locally and globally. RIA is one of the International Money Transfer Operators (“IMTO”) that offers both outbound and inbound remittance services for our customers around the world. RIA has extensive coverage with sending locations in North America, Europe, Asia and Australia.
The RIA Payment System is the money transfer system operated by RIA, considered a Payment System Operator, pursuant to the Law of the Republic of Kazakhstan "On Payments and Payment Systems" dated 26 July 2016 No.11-VI, as may be updated and amended from time to time (" Payment Systems Law "). These RIA Payment System Operator Rules and any amendments to these rules from time to time (the “ Rules ”) and the terms used herein are solely for the purpose of addressing requirements of Article 5 to the Payment Systems Law in Kazakhstan and will be posted to the web address designated by RIA for Kazakhstan and communicated to the National Bank of Kazakhstan (the “ RIA Kazakhstan Web Site ”). These Rules and other documents provided by RIA to participants who hold all required licenses and authorizations to carry out money remittances in Kazakhstan pursuant to a money remittance agreement executed with RIA (" Participants ") are considered the RIA Payment System with respect to Kazakhstan. RIA may amend these Rules at any time without prior notice to any party and the Rules and subsequent changes shall be effective as of the date of posting on the RIA Kazakhstan Web Site, unless otherwise designated by RIA. These Rules are not enforceable against RIA by any third party, RIA does not enter any obligations towards any party as a result of providing these Rules, and nothing in the Rules shall be considered to confer any right or benefit on any party.
Customer fees charged in connection with a money remittance originating in Kazakhstan (“ Customer Fees ”) and any changes of those Customer Fees will be posted to the RIA Kazakhstan Web Site. Participants may apply only Customer Fees posted to the RIA Kazakhstan Web Site.
2 PROCEDURES FOR PAYMENT SYSTEM OPERATION
2.1 Operating Procedures
All participants of RIA Money Transfer System will sign a remittance agreement with RIA. These agreements state the rules that govern procedures that take place between Participants and obligate Participants to fulfill the requirements of the RIA Payment System based on the Payment Systems Law.
Participants, as the independent entity and holding all necessary licenses and authorizations to carry out money remittances in Kazakhstan, will co-operate with RIA on a non-exclusive basis, to provide the remittance service to customers in Kazakhstan.
RIA processes orders in its international network, performs anti-money laundering (“ AML ”) and other compliance-related activities, and uses software to facilitate money remittances. RIA works with a network of global correspondents and agents, in accordance with the rules and regulations of the originating countries, rules set by regulatory bodies in applicable jurisdictions, including the laws of the United States of America.
RIA collects orders from customers through 1) its correspondent or agent network in those countries and 2) its own stores in certain countries 3) online digital channels (“ International Network ”) for payout to a beneficiary in countries in which RIA operates through its International Network. Correspondents and agents in each country work through proprietary software.
For payment order instructions received by the Participant from RIA for payment to a beneficiary in Kazakhstan (" Money Payment Services "), Participants will act in accordance with the payment instructions received and make funds available to beneficiaries in Kazakhstan in the agreed currency and the amount indicated in the payment order instructions. The funds shall be available to the beneficiary with valid identification as required by local laws and in accordance with RIA procedures, including validation of any RIA PIN identification. If payment of funds cannot be accomplished for any reason within the RIA procedures, the Participant shall immediately notify the RIA with the reasons. Participants shall provide confirmation of payment to RIA and maintain records in accordance with applicable laws and RIA procedures.
For the collection of remittance funds and Customer Fees by the Participant from a customer in Kazakhstan to initiate a remittance transaction (" Money Transfer Services "), Participants will act in accordance with applicable laws and RIA procedure, including compliance with all customer identification procedures, applicable fraud, AML and other regulatory screenings required in order to initiate a transaction, disclosure of information to and obtaining consents from a customer in Kazakhstan. Participants shall use the RIA Payment System to initiate and send the payment order instructions to RIA for payout to beneficiaries in its International Network, in accordance with applicable laws and RIA procedures.
2.2 Description of the Services Provided by RIA and Working Hours
RIA provides consumer-to-consumer money transfer service through its International Network in more than 595,000 locations and in more than 198 countries and territories of the world. RIA will provide, via Participants in Kazakhstan, collection of remittance funds to initiate Money Transfer Services for payment of remittances to beneficiaries in the RIA International Network. Additionally, RIA will provide, via Participations in Kazakhstan, Cash Pick Up and Account Deposit for payment to beneficiaries in Kazakhstan.
There are 2 types of payment methods available in Kazakhstan.
- Cash Payments
- Account Deposit
2.2.1 Cash Payments means Money Payment Services where the Participant pays out cash to a Beneficiary at its physical locations, in accordance with payment order instructions, applicable laws, and RIA's procedures, including, without limitation, validating the transaction with a PIN and valid identification of the beneficiary.
2.2.2 Account Deposit means Money Payment Services where Participant deposits funds directly into a Beneficiary's bank account in accordance with payment order instructions, applicable laws, and RIA's procedures.
Participants in Kazakhstan will use their banking network to deposit the money in the beneficiaries' bank accounts. If the name and account number do not match, no money is deposited in the account, and the order is canceled at RIA's side. Participants may contact Beneficiaries to verify that the bank information is accurate and to notify them that the deposit will be made in a timely manner.
Participants may, where permitted by applicable laws, offer Account Deposit in Kazakhstan through Remote Channels .
Offering remittances by Remote Channels is the ability for a customer to connect to the Participant's remote access servers, logging into the Participant's network from distant locations (devices) using a bank debit/credit card. In order to use the Remote Channel, the customer must be registered with the Participant and have an account with the bank prior to initiating the remittance transaction. Remote Channels will be used for Money Payment Services and Money Transfer Services and shall be restricted only to customers of the Participant duly registered at the time of bank account opening and prior to initiating a remittance transaction, for which satisfactory compliance due diligence was performed in accordance with applicable laws, and the customer and transaction are monitored.
Participants must establish filters and limits according to applicable legislation. Customer will be able to receive/send money only to/from his account within Kazakhstan only. The Participant shall ensure that it is duly authorized by the laws and regulations of the applicable jurisdictions to conduct transactions using the remote channels.
Remote Channels can be composed of the following options:
- Bank payment terminals
- Bank's Automated Teller Machines
- Internet or mobile banking system
- Bank's call center (if applicable)
- Mobile payments
2.2.3 Working Hours. Participants shall provide the Money Payment Services and Money Transfer Services during its normal business hours at all locations offering the services. RIA has deployed a pool of dedicated customer service representatives in certain countries as well as dedicated compliance and marketing staff to support Participants. RIA has in place a 24-hour a day, 7 days a week, 365 days a year dedicated service representatives to whom Participants can call to make inquiries, lodge complaints and seek resolutions to issues.
2.3 General Requirements for Transactions
Participant shall fulfill all the following obligations:
- All operations related to sending, payment, or amendment of money transfer orders shall be carried out in the presence of the customer.
- Customers and beneficiaries shall read and sign all receipts with disclosures and information required by applicable laws.
- Participant is not allowed to charge additional fees to the customer for transaction, except the Customer Fee and any other fees agreed in writing between RIA and the Participant.
- Participants shall consider all transactional, customer and beneficiary information as confidential and shall not be disclosed to third parties except as permitted by the agreement between RIA and Participant and as required by applicable laws.
- Personal information of customers and beneficiaries shall be used and disclosed strictly in accordance with applicable laws and pursuant to the agreement between RIA and Participant.
- Each user of Participant who is performing transactions should use his or her unique login and password to access RIA's Payment System for transaction processing.
2.4 RIA and the Participant Interaction The procedure for using payment order information
- Initiating a remittance transaction
o Money transfer orders are entered into the online system by Participants or correspondents and agents in the RIA international network.
o Once the order is entered into the system, a receipt is printed with a unique PIN that the Participant will provide to the sender to be communicated to the beneficiary to pick up the money.
- Payment of a remittance transaction to a beneficiary
o The Participant or correspondent/agent in the RIA International Network will request applicable identification documents from the beneficiary, verify the name (and other details), and, pursuant to applicable laws, will make copies of identification documents.
o If the information is not validated or correct information provided, no payment is made. The transaction will be canceled and the amount of the order and fees charged to the sender are refunded to the sender in the amount required by applicable laws.
o In the case of payout of funds, the system may generate two copies of the receipt, one for the beneficiary and the other for the Participant or correspondent/agent. The beneficiary will sign both copies and the operator will pay out funds to the beneficiary.
o The system generally receives all payment confirmations from sending Participants or correspondents/agents in real time and provides an opportunity for Participants or correspondents/agents and RIA to view the current status of received and sent orders.
- Participants shall train their employees in the RIA procedures and applicable laws, including anti-money laundering programs, record retention requirements, information security, and consumer protection and data privacy laws. Any changes to the above procedures will be published on RIAKazakhstan Web Site within the period required by applicable law and additionally will be communicated to all Participants in the Republic of Kazakhstan.
2.5 RIA Requirements to Money Payment Services
Upon receiving payment instructions from RIA or the Participant, the other party shall undertake the following:
- Pay out the funds according to the payment order instructions.
- Validate each claim for payment by matching the Personal Identification Number (“PIN”) provided by the beneficiary against the PIN provided by the party generating the payment order. Pay out the funds to the designated beneficiary only after verification of the beneficiary's identity in accordance with the applicable law. Participants are not allowed to charge the beneficiary any additional fee at the time of the transaction payout. Transaction can be paid only if the client has provided the correct PIN number and the beneficiary's identification has been verified in accordance with the applicable law. Minor discrepancies may exist between the transaction data in the money transfer order and the client's name provided in the identity card. For example, Maria and Marya with the same surname. In such cases, the Participant shall confirm whether the transaction may be paid out in accordance with its compliance procedures and applicable law. The Participant may also contact the RIA's call center to request an amendment to the name of the beneficiary and the RIA will make reasonable efforts to modify the money transfer order, when possible. All remittance transactions shall be paid in the currency stated in the money transfer order and receipts provided to beneficiaries in accordance with applicable law, with copies provided to RIA in accordance with RIA's procedures.
2.6 RIA's Requirements for Money Transfer Services
- Sending money transfer orders shall be carried out only after the customer has paid the whole amount to the Participant, including the money transfer amount of the order and customer fee, and has provided the following information:
- Transfer amount
- Payout currency
- Commission currency
- Complete sender's name
- Sender document's data
- Beneficiary name
- Sender should determine the currency in which the order will be paid out, in accordance with available currencies for a particular destination country.
- The cost of the transaction will be specified in the Customer Fees provided on the RIA Kazakhstan Web Site and in the system available to the Participant at the time of initiating the transaction. Participant shall perform money remittance transaction only in accordance with the system requirements, the Rules, as published on the RIA Kazakhstan Web Site (as may be amended from time to time), the agreement between Participant and RIA and otherwise in accordance with RIA's procedures.
2.7 RIA's Order Cancellation/ Refund
- If the customer wishes to cancel an order, he/she must contact the Participant location where the customer placed the transfer. Following such a cancellation request, and unless payment to the Beneficiary has already been made (whether in cash or to an Account) RIA shall refund the amount, the fee for the order and charges in accordance with the applicable law on the condition that the customer provides a copy of (i) the valid order and (ii) present and valid ID. A remittance transaction may not be canceled or refunded once the funds have been paid to the Beneficiary.
- If a remittance transaction is not paid to a Beneficiary within 21 days, RIA will automatically cancel the remittance transaction and notify the sender via the Participant in Kazakhstan or correspondent/agent in the RIA International Network.
2.8 RIA Customer Service
Participants shall contact RIA, whenever circumstances arise that may delay payment or cause customer complaints, such as:
- Change of Beneficiary name
- Incorrect or incomplete Beneficiary telephone number
- Incorrect or incomplete Beneficiary address
Transactions may not be amended if the status of the transaction is paid, blocked, canceled. Country of destination or order amount may not be amended. If there is a mistake in the country of destination or in the amount of the sent order, it is necessary to cancel this transaction and create a new one. Fees required by applicable laws to be refunded shall be returned to the customer. Modifications to send transaction orders can be made in two ways: in the System by the teller of the Participant in the branch where the order has been placed or by contacting RIA's customer service.
3 PROCEDURE OF JOINING/CEASING RIA INTERNATIONAL NETWORK
RIA effectively assesses and manages risks associated with money laundering, terrorist financing, consumer fraud, and compliance with consumer protection laws. Compliance risk assessments will identify the risks associated within the regulatory environment, the products and services offered, geographical locations of operation and the delivery channels used to deliver the products and services to the consumer.
The objective of the risk assessments is to determine inherent risks in each area outlined above, develop policies and procedures to mitigate those risks, and effectively assess and manage the residual risks.
Before formalizing a business relationship with Participants, RIA conducts a compliance due diligence review of each Participant:
- Participant Credit Review
- KYC procedure and assessment
3.1 Participant Credit Review
RIA performs a Participant Credit Review, (a “PCR”), on each company which applies to become a Participant, which analyzes RIA's overall credit exposure to the Participant, and relative creditworthiness of the Participant and the jurisdiction. Participants will be required to provide certain documentation and information requested by RIA in order to complete the review and evaluation of Participant. This procedure addresses how RIA assesses and manages credit and liquidity risks associated with participants to mitigate potential insolvency within the payment system.
· Credit and Liquidity Risk Management:
RIA conducts a thorough review of each participant's financial stability, creditworthiness, and operational history to verify potential risks. This includes an analysis of their financial statements, profitability, credit exposure, and the economic stability of their operating jurisdictions.
· Credit Exposure and Risk Mitigation:
RIA evaluates credit exposure based on the participant's transaction volume, payment methods, and required security deposits. Higher-risk situations are subject to additional credit management measures.
· Ongoing Monitoring and Cash Management:
RIA's Treasury Department monitors daily cash flow and liquidity needs to ensure funds are available to support the operating cycle and to identify and respond to any cash shortages promptly.
· Risk Assessment Ratings:
Participants are assigned a risk rating based on financial health and operational factors, guiding decisions around contract terms and risk mitigation requirements.
· Risk Mitigation and Contingency Measures:
For high-risk participants, RIA may implement additional safeguards, such as payment confirmations, financial guarantees, or operational limitations to minimize exposure.
This procedure ensures a stable and secure payment system by maintaining rigorous oversight of financial and liquidity risks associated with RIA's Participants.
3.2 KYC Procedure and Assessment
RIA has established a KYC on-boarding procedure to ensure all agents are of good character and sound financial standing. To that end, Participants must be KYC compliant before a relationship is established. The KYC on-boarding procedure is designed to verify ultimate beneficial owners of Participants and validate that the information Participants provide. Participant must provide certain documentation and information for RIA to perform its Compliance due diligence review, including Know-Your-Customer procedure in accordance with RIA's anti-money laundering and counter terrorist financing policies and procedures.
Enhanced due diligence is performed on certain participants using a risk-based approach.
The Compliance Department approves each Participant before they begin the performance of money remittances under the RIA agreement in accordance with RIA's Compliance procedures and applicable law.
A Participant agreement will be terminated for the following Compliance reasons, among other conditions:
- Participant or its owner is placed on the United States Treasury's SDN list or other country's watch list;
- Participant is designated a primary money laundering concern; or
- Unacceptable negative media: and/or Participant becomes an unacceptable risk to the company in accordance with RIA' Compliance policies.
3.3 Clearing Banks and Settlement Procedures
Settlement banking accounts maintained by Participants and RIA are used for the settlement of transactions through the RIA's International Network. Payout and collection of funds may be done physically at the bank or may be cleared by bank transfer by the agent or by debit card. RIA will settle transactions with its participants using global accounts pursuant to the settlement terms of the money remittance agreements and procedures provided to inform and update the other party with respect to bank account information.
RIA follows these steps to manage settlement risk and secure customer funds:
· Safeguarding Funds: RIA segregates customer funds in designated accounts, separate from its own, to comply with regulations and ensure third parties have no claim over these funds.
· Settlement Process: Payments are managed by RIA's Global Treasury/Finance team, which settles balances with participants according to agreed schedules. Settlements are executed via wire transfers through RIA's global accounts, in line with established agreements.
· Credit Terms: For post-payment, RIA requires a credit review and may request deposits or guarantees to manage risk.
· Frequency and Financing: Settlement frequency is set in agreement (daily to monthly), with short-term financing options used as needed due to time zones.
· Bank Information Exchange: RIA and participants exchange bank details upfront to streamline settlement.
This approach safeguards customer funds and supports efficient, secure settlement operations.
3.4 Participant Additional Obligations and Compliance
Participants shall immediately notify RIA of events that could have a material adverse effect on its business and/or its ability to perform its obligations and receipt of any communications from a governing or regulatory authority, law enforcement or legal agency related to the RIA Payment System and money remittances. RIA may suspend or cease business with a Participant that is not in compliance with applicable laws or RIA compliance policies and procedures.
Participants shall comply with all laws and regulations that regulate the money remittance business by obtaining and maintaining all necessary licenses or authorizations required from or by the regulatory, government or other agency or entity that regulates money transmission in order for it to fulfill its obligations, including, without limitation, adoption and implementation of anti-money laundering, anti-bribery, and anti-fraud programs and policies in accordance with applicable laws and RIA compliance and procedures, designating a Compliance Officer and training its employees accordingly. Participant shall notify National Bank of Kazakhstan of implementation of any mandatory controls of money transfers and any reporting requirements to any governing or regulatory authorities, if required. Participant shall maintain all transaction information, customer due diligence records, and documents related to its compliance efforts related to the transactions for at least five (5) years or as required by local laws, whichever is longer to comply with information requests within a reasonable time. Participants shall cooperate fully with RIA, any governing or regulatory authorities and law enforcement agencies, in connection with compliance matters.
4 COMPLIANCE AND IT SAFETY MEASURES AND RISK MANAGEMENT
RIA has been in the money transfer business for more than 35 years and continues to evaluate the risks involved, which has contributed to its tremendous growth in such a short time. RIA continues to work with qualified teams and infrastructure in accordance with applicable laws to operate its money transfer business.
4.1 Staff Qualifications and Security Risk
Participants shall ensure their staff are duly qualified and trained to perform the remittance services. Participants shall appoint a Compliance Officer that implements and monitors adherence to the Participant's anti-money laundering policy and the Rules. Participants shall report to the appropriate governing or regulatory authorities and RIA any employees and events in which the Participant suspects fraud, anti-money laundering, or terrorist financing.
All RIA employees are provided with an Employee Handbook upon hiring, which contains a detailed overview of RIA's Security Policy. This policy governs the acceptable use of company resources, including computers, email, and the Internet.
RIA supplies its employees with the necessary equipment to perform their daily tasks, including laptops, desktops, and associated hardware and software. Employees are instructed not to store personal or private documents on company-provided equipment, as these devices and their contents are considered company property. By signing the acknowledgment of receipt of the Employee Handbook, all employees waive their right to privacy regarding any information stored on company-owned property.
RIA's internal software system has clearly defined access controls, which are remotely managed by authorized personnel. Access to software is granted on a need-to-access basis, ensuring that employees only have access to the resources necessary for their roles. For example, customer service staff are granted access only to areas relevant to customer service operations.
RIA also maintains a comprehensive training program to ensure all employees are aware of potential threats and fully understand the IT policies they must follow. The key controls and system procedures within the information security program are regularly tested, primarily by the licensing departments and internal IT auditors. This ensures adherence to all procedures and the effectiveness of all controls.
4.2 Equipment and Software Risk
Participant shall have a training program to keep all the employees aware of the possible threats and inform them on the IT policies they have to follow. Key controls and system procedures should be in place by all participants in accordance with RIA policies and applicable laws.
To further mitigate Equipment and Software Risk, RIA has implemented the following controls:
Data Encryption: All sensitive data stored on company devices is encrypted to prevent unauthorized access in case of loss or theft.
Multi-Factor Authentication (MFA): MFA is required for accessing all critical systems, adding an extra layer of security beyond just passwords.
Automated Patch Management: All company devices are regularly updated with the latest security patches to protect against known vulnerabilities.
Endpoint Protection: Advanced antivirus and anti-malware solutions are installed on all company devices to detect and prevent malicious activities.
Device Monitoring and Auditing: Continuous monitoring of device usage and regular audits are conducted to detect any unauthorized or suspicious activities.
Data Loss Prevention (DLP) Policies : DLP technologies are employed to monitor and control the transfer of sensitive data, ensuring it is not inadvertently or maliciously shared.
Physical Security Controls : All company devices are equipped with physical security measures, such as cable locks, to prevent theft.
RIA has a comprehensive suite of security policies and technical documents aligned to industry's best practice which are reviewed annually. Some of these are listed below:
· Information Security policy
· Security Incident Response policy
· Remote Access policy
· Logical Access policy
· Data Classification policy
· Vulnerability Management policy
· Data Encryption policy
4.3 Risk of Legal Issues
RIA uses a team of legal experts in various countries that analyze and advise on all operational issues internationally as well as local country laws. This mitigates the legal risks that RIA may face.
4.4 Compliance Risk
RIA is dedicated to operating in a safe and sound manner with the highest legal and ethical standards. We have established strict standards of compliance with applicable regulations designed to assist in the detection and prevention of money laundering and terrorist financing, as well as any other laws and regulations that pertain to the activities that RIA performs as a money service business. Participants shall cooperate and respond promptly to all requests by RIA to fulfill its compliance obligations.
4.4.1 Compliance Risk Management Program
RIA has implemented an effective Compliance Risk Assessment Program in order to identify key areas of potential money laundering, terrorist financing, and consumer fraud activities; as well as to assist in identifying Participant's non-adherence to compliance.
4.4.2 Know Your Agents and Foreign Participants
RIA has established policies, procedures and controls in accordance with applicable laws and regulations to safeguard consumer funds and to protect against the laundering of funds and financing of terrorist activities, detection and identification of customers and/or any unusual/suspicious activity, and to prevent the company from reputational, operational and legal risks. RIA will conduct due diligence of its agents, correspondents, and participants.
RIA has established a policy to:
- Conduct enhanced due diligence on all foreign participants.
- Monitor transactions of foreign participants using a risk-based approach.
- Provide corrective action and termination of those foreign participants that do not follow the policies and procedures set forth.
4.4.3 Transaction Monitoring Program
RIA has designed a comprehensive Transaction Monitoring Program that has sophisticated systems in place to: (i) identify unusual/suspicious activity associated with applicable anti-money laundering and bank secrecy laws, terrorist financing, and fraud risks; (ii) investigates those transactions deemed to be unusual/suspicious or fraudulent; (iii) document applicable cases; (iv) reports unusual/suspicious activity to senior management in accordance with policies and applicable law; and (v) reports suspicious activity to the government where required by policies and law. RIA has built a team comprised of compliance professionals and analysts, responsible for assisting in the safeguarding of the company's financial network system, RIA' brands, and reporting of suspicious activity related to AML, BSA, terrorist financing, and fraud risks. Participants shall cooperate and respond promptly to all requests by RIA to fulfill its compliance obligations.
4.4.4 Sanctions Program
RIA is committed to full compliance with sanctions in the jurisdictions in which it operates, including compliance with the US sanctions administered and enforced by the US Department of the Treasury's Office of Foreign Assets Control. Transactions may be compared to a variety of national and international level sanctions lists, such as OFAC's SDN list, OFAC's Consolidated Sanctions List and other applicable local jurisdiction's sanction list. Possible matches are flagged and cannot be released prior to approval from RIA Compliance.
RIA maintains a comprehensive program to ensure compliance with applicable economic sanctions and may take necessary steps to prevent or suspend the launch of Participants in RIA's international network or the execution of transactions for, on behalf of, or for the benefit of, a sanctioned individual, entity, country, or organization.
4.4.5 Training
Employee Training
Participants shall implement an effective employee training program. An anti-money laundering training program is imperative to the success of any compliance program. The purpose of compliance training is to ensure each employee has a good understanding of the laws and regulations they must uphold, which may include:
- New hire orientation
- Ongoing training to all employees
- Refresher training as needed
4.4.6 Record Retention
Regulators require financial institutions to maintain records for their transactions. RIA has therefore adopted the appropriate record-keeping policy according to each jurisdiction and the Participant shall adhere to the record retention policy for Kazakhstan.
4.5 Operational Systematic and Software Risk
RIA has a team of dedicated anti-fraud specialists continuously administering and managing fraud prevention measures. Their duties include but are not limited to the following:
- Work hand in hand with the compliance team to investigate and research trends in the marketplace
- Manage built-in system features
- Manage security tokens
- Work hand in hand with the technology department of the police
- Advise and train participants
- Post transaction investigation teams
Participants shall fully cooperate with RIA in its policies and procedures related to this risk including, without limitation, filtering suspicious transactions, identifying uncommon orders, automatic logouts after no activity on the site and holding transactions outside of designated working hours.
RIA's Software Control Department operates 24/7 to accommodate its global presence. With offices in various countries, RIA ensures that its software centers are always adequately staffed, guaranteeing the continuous functionality of critical services across all the regions where RIA conducts business. This round-the-clock staffing is a key component of RIA's commitment to operational resilience which is disclosed in RIA Business Continuity Plan
To mitigate IT security risks, RIA implements the following measures:
Regular Backups: All software and databases are regularly backed up, ensuring data integrity and availability in the event of system failures.
Advanced Threat Protection: RIA employs sophisticated antivirus and anti-malware solutions to safeguard against viruses, hacking attempts, and other malicious activities.
Intrusion Detection and Prevention Systems (IDPS): Continuous monitoring of network traffic helps detect and prevent unauthorized access or attacks in real-time.
Automated System Monitoring: Critical systems are continuously monitored for any signs of malfunction or abnormal behavior, with automated alerts to initiate immediate response.
Redundant Systems: RIA maintains redundant systems and failover capabilities to ensure continuous operation in case of system or hardware failures.
Fraud Detection Mechanisms: RIA utilizes advanced fraud detection systems to identify and mitigate fraudulent activities, thereby protecting its systems and customers.
Access Control and User Authentication : Strict access controls and user authentication processes are in place to ensure that only authorized personnel can access sensitive systems and data.
In the event of a natural or man-made disaster, RIA has a comprehensive, documented Disaster Recovery Plan that outlines the precise steps to be followed. This plan ensures the rapid restoration of services and minimizes downtime.
These controls and procedures are integral to RIA's strategy for mitigating operational, systemic, and software risks, ensuring the robustness and reliability of its global operations.
4.6 Information Security
Participants shall be responsible for maintaining the security for their own systems used in connection with performing its obligations in establishing and maintaining an information security program which contains appropriate measures, in accordance with applicable laws and commercially reasonable industry standards, designed to ensure security, confidentiality, integrity and availability.
All relevant security information pertaining to the security policies includes the RIA Information Security Program.
5 PARTICIPATION IN PAYMENT SYSTEM
Participants may participate in the RIA Payment System based on the due diligence by RIA of the Participant and in accordance with the terms and conditions of the agreement executed between the Participant and RIA and RIA compliance and operational policies and procedures. Termination of the agreement and participation in the RIA Payment System will be pursuant to the executed agreement.
5.1 Procedures for Resolving Insolvency and Addressing Violations by Participants in the Payment System
The agreement between RIA and the Participant specifically provides the parties the right to terminate the agreement immediately, at any time and upon written notice to the other party in the following events (among others): (i) in the event that a party is declared or acknowledges that it is insolvent or otherwise unable to pay its debts as they become due; (ii) upon the filing of any proceeding (whether voluntary or involuntary) for bankruptcy, insolvency or relief from creditors; (iii) in case a regulatory authority initiates an investigation against a party which will materially impair its operations or its business reputation; (iv) in case a party fails to obtain or maintain all necessary licenses and/or authorizations to operate; (v) in case a party breaches the terms of the agreement; (vi) in the event a party is not satisfied with the other party's policies, procedures or internal controls related to anti-money laundering/anti-terrorist financing laws. Moreover, Ria has the sole discretion, per the terms of the agreements entered with each Participant, to suspend, cancel or withhold any particular remittance transaction. Therefore, in the event of insolvency or non-compliance by a Participant with these Rules, Ria may suspend, cancel or withhold any remittance transaction or remittance service as it deems necessary.