KryptoBrokerInvest Help Center | Record Keeping Policy

Record Keeping Policy

KryptoBrokerInvest

Last Update 7 bulan yang lalu

1. OVERVIEW

KRYPTO BROKER INVEST is required to implement record-keeping arrangements to comply with regulatory obligations in its operating countries. This policy specifies these requirements, the types of records to be maintained, their retention periods, and access methods.

This policy is subject to KRYPTO BROKER INVEST’s Group Data Protection and Privacy Policy, which prevails in the event of any conflicts. Operational procedures will outline specific details for record-keeping, and this policy should be consulted alongside those procedures to ensure effective access, retrieval, and archiving of records.

2. SCOPE

This policy and procedure apply to all business areas within KRYPTO BROKER INVEST, and all employees must adhere to its provisions. Non-compliance may result in violations of relevant regulations, leading to fines and potential damage to KRYPTO BROKER INVEST's reputation.

In the event of any conflict or inconsistency with the main policy, the jurisdiction-specific schedules will take priority.

3. DEFINITIONS

Employees

in respect of personnel at KRYPTO BROKER INVEST, each salaried employee, executive and non-executive board director and each person (whether salaried or non- salaried) working on a short-term or long-term contract directly with a KRYPTO BROKER INVEST entity or on

secondment or transfer from other companies, including interns

KRYPTO BROKER INVEST

KRYPTO BROKER INVEST and its affiliates and subsidiaries

4. REGULATORY PURPOSE

Record-keeping is essential for several reasons. It acts as evidence and creates an audit trail of KRYPTO BROKER INVEST's interactions with clients and external parties, such as auditors. These records can demonstrate the actions taken by both the client and KRYPTO BROKER INVEST in the event of issues, including complaints, financial crimes, or investigations—whether regulatory or criminal. Furthermore, proper record maintenance allows regulators to conduct their supervisory reviews effectively.

5. RECORD KEEPING LOCATION

KRYPTO BROKER INVEST primarily maintains its books and records in electronic format. Any hard copy records should be scanned and stored in the designated repository. All records will be in English and accessible as needed.

KRYPTO BROKER INVEST utilizes various IT systems to store and manage data and information related to its business operations.

If any employee is unsure about where to file records, they should consult their line manager for guidance.

6. RECORDS TO BE KEPT

Krypto Broker will maintain a record of all versions of Client Agreements and be able to identify all changes made between versions.

Record Type	Examples	Retention Period
Corporate Governance Orderly records of systems & controls MLRO/MLCO related records when a person ceases to act	Board /Committee minutes, meeting schedules, attendance Financial Records Outsourcing agreements/ SLAs Business Risk Assessment matters Policies & Procedures Assessment by the Board of the effectiveness of systems & controls Compliance, MLCO & MLRO reporting Consideration by the Board of cultural and other barriers to prevent the effectiveness of internal systems & controls All records related to MLRO & MLCO including electronic communications HR files, appraisal, training & CPD records, board reports and assessment of any matters highlighted to them	8 years from the date of the record
Identification measures	CDD, supporting documents, data & information in respect of a business relationship or one-off transaction including account files and business correspondence	8 years from date of the record
Transactions	All records sufficient to reconstruct any individual transaction including, (non-exhaustive): Name & contact details for customer Type of asset + amount Valuation Wallet address/es Approvers facilitating transfer Date of initiation of transfer Instruction	8 years from date of the record
Complaints	All details relating to a complaint, including correspondence, register, escalation reports	8 years from date of the record
Ongoing Monitoring	All records relating to the analysis of a transaction e.g., Chainalysis findings, action taken, escalation etc. All records of transactions and activity with a person connected with an enhanced risk state	8 years from date of the record
Suspicious Activity Reports ("SARS")	Registers recording internal/external SARS A copy of the form used to make an internal SAR for a client and Supporting documentation Enquiries made in relation to that internal SAR and decision of the MLRO to make or not make an external SAR Where an external SAR has been made, copy of the form used to make the external SAR and supporting documentation provided to the JFCU Relevant information passed to any applicable regulator after making the external SAR	8 years from date of the record
Screening, awareness and training of employees	Training records including dates it was provided, subject matter and how provided, register of attendees and results of employee testing/failures/ retakes CPD records.	8 years from date of the record
Policies & Procedures	Audit trail of material changes to the firm's policies and procedures All version-controlled policies and procedures	8 years from date of the record
Financial Records	Accounting records Details of all transactions Enable financial statements to be prepared Evidence financial position
Companies' Records	All company records including: Directors/members registers Annual returns Accounting records Minute books Certificate of incorporation

7. PROCEDURES

Employee Request - If an employee wishes to access a record they are not authorized to retrieve, they should submit a request to their line manager, clearly explaining the reason for their request. The line manager will assess whether it is appropriate to grant access to the requested information.

If the line manager has any concerns about the request, they should escalate the issue to the Head of Compliance and the Chief Information Security Officer for further evaluation.

Regulatory Request - If any employee is asked to provide information to a regulator or statutory authority, the request must be escalated to the Head of Compliance for further action.

Compliance Testing - Compliance will periodically test the retrieval of documents in line with regulations. A request will be sent to the designated test target, and any findings will be documented with recommended remedial actions where necessary.

Auditor Requests - Occasionally, KRYPTO BROKER INVEST’s auditors may request company information. All such requests should be directed to the Head of Operations in the first instance.

8. ACCESS, RETRIEVAL AND TESTING OF RECORDS

KRYPTO BROKER INVEST must (i) regularly assess the accessibility and condition of paper and electronic records, (ii) test retrieval procedures as needed, and (iii) ensure proper safekeeping of records.

These requirements are evaluated through daily tasks, compliance testing, cybersecurity assessments, disaster recovery drills, and audits by external authorities.

Most records are stored electronically with regular backups. Access will be controlled via role-based permissions established by the information security function, with protocols set by senior management.

Hardcopy records should be retained only if required by law. When possible, they should be scanned and stored appropriately. Original documents must be archived in a secure area with controlled access.

For records held by third parties, access and safekeeping will be outlined in contracts, ensuring timely availability for regulatory requests and allowing for on-site visits as needed.

Regulators may request information, which must be retrievable in English, accessible in the relevant jurisdiction, and readable without delay. Such requests should be escalated to the Compliance Department

for timely handling.

9. MINUTES OF BOARD MEETINGS AND COMMITTEES

To demonstrate KRYPTO BROKER INVEST’s decision-making process and the rationale behind its choices, the company maintains detailed minutes of meetings for each group entity's board and its committees. While primarily for internal use, these minutes may also be shared with regulators to

facilitate oversight, so they should include adequate detail on discussions related to business risks, customer interests, and contentious issues.

Minutes do not need to be a verbatim record; rather, they should summarize key discussion points and significant challenges. Topics outside the corporate governance framework need not be documented. Additionally, minutes should provide enough context for an independent reviewer, like a regulator, to

understand the reasons for the board's decisions. If board papers are presented solely for information, this should be indicated, along with notes on any significant discussions about risks or challenges faced by

executives or senior management.

Any actions resulting from the meetings must have designated owners, and their completion should be tracked against agreed timelines at each meeting.

SCHEDULE 1: DUBAI - SPECIFIC POLICIES

Documents and records must be retained for the periods specified by applicable laws, regulations, regulatory notices, or guidelines, including Federal Law No. 45 of 2021 on the Protection of Personal Data (PPDLT) and its accompanying executive regulations.

Was this article helpful?

0 out of 0 liked this article