AML / CTF POLICY

Last updated 2023/08/01

Version: 4.0

Purpose

This document sets out the principles and standards for compliance and management of risks associated with financial crime in PionPay OU (PionPay). The purpose of this document is to prevent the PionPay from being used for financial crime to comply with all applicable legal requirements and to ensure that the most appropriate action is taken by the PionPay to mitigate the risks associated with financial crime.

This document outlines the applicable legal requirements related to financial crime to which the PionPay must adhere, as well as internal measures which are established by the PionPay to ensure it complies with these legal requirements. This document is referred to as the Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) and Sanctions Policy (the Policy) and sets the parameters for the PionPay in relation to the AML, CTF and sanctions framework.

Scope and application

The Policy applies to all PionPay employees, all units in the PionPay, senior management, foreign correspondents, contractors and third parties with whom PionPay may contract with.

The aim of the PionPay is not only to comply with relevant legal requirements, but also to mitigate and reduce the potential risk to the PionPay of our customers using our products, services and delivery channels to launder the proceeds of illegal activity, fund terrorist activity or conduct prohibited financial sanctions activity.

The Policy is updated at least once a year, or more frequently based on international requirements and legislative changes, particularly with the implementation of the 2nd Payment Services Directive and the Directive (EU) 2018/843 of the European Parliament and of the Council Of 30 May 2018 Amending Directive (EU) 2015/849 on the Prevention of the use of the financial system for the Purposes of Money Laundering or Terrorist Financing, and Amending Directives 2009/138/EC and on the Law on Prevention of Money Laundering and Terrorism Financing of Republic of Lithuania and Estonia.

Definitions

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origin of criminally derived proceeds so that the unlawful proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages:

  • Placement: Cash generated from criminal activities is converted into monetary instruments, such as money orders or traveller’s checks, or deposited into accounts at financial institutions.
  • Layering: Funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin.
  • Integration: Funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.

It also covers money, however acquired, which is used to fund terrorism. Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal the origin or intended use of the funds, which will later be used for criminal purposes.

Terrorist financing relates to the raising or holding of funds (directly or indirectly) with the intention that those funds should be used to carry out activities defined as acts of terrorism or with the intention to dispose those funds to a terrorist group or a separate terrorist.

Criminal property is the proceeds of criminal conduct. This includes any type of conduct, wherever it takes place, which would constitute a criminal offence if committed in the Estonia and Lithuania. It includes drug trafficking, terrorist activity, tax evasion, corruption, fraud, forgery, theft, counterfeiting, black mail and extortion. It also includes any other offence that is committed for profit.

Sanctions are political and economic decisions that are part of diplomatic efforts by countries, multilateral or regional organizations against states or organizations either to protect national security interests, or to protect international law, and defend against threats to international peace and security. Sanctions can be:

a) Specific, i.e. relate to specific lists of named individuals, legal entities, organizations, vessels etc. (the US Department of Treasury refers to some of these entities as Specially Designated Nationals),

b) General, i.e. cover all transactions with certain countries or jurisdictions; certain transactions with countries or jurisdictions such as exports, imports or new investment, or all transactions within a certain area of activity/products (e.g. arms sales to a particular country).

c) Sectoral, i.e. cover certain parties in specific sectors (OFAC designates parties on a Sectoral Sanctions Identification List or “SSI List”) but only restrict certain transactions of these designated parties.

The Money Laundering Regulations

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require relevant businesses to have:

  • Policies and procedures to prevent them from being used by money launderers.
  • Employees trained in these procedures and in anti-money laundering law.
  • Checks and controls to ensure that the policies and procedures are working.
  • Have internal and external measures in place for the disclosure procedures for suspicious transactions.

Regulation of The Money Laundering Regulations (Law on the Prevention of Money Laundering and Terrorism Financing of the Republic of Estonia for transaction processed in Estonia) sets out the requirement for relevant businesses to establish and maintain appropriate and risk-sensitive policies and procedures relating to:

  • Customer due diligence
  • Reporting
  • Record keeping
  • Internal control
  • Risk assessment and Management (Risk Based Approach)
  • The monitoring and management of compliance, and
  • The internal communication of such policies and procedures, in order to prevent activities related to money laundering and terrorist financing.

These policies and procedures must:

  • Identify and scrutinise
  • Complex or unusually large transactions
  • Unusual patterns of transactions which have no apparent economic or visible lawful purpose
  • Any other activity which could be considered to be related to money laundering or terrorist financing
  • Specify the additional measures that will be taken to prevent the use of products and transactions that favour anonymity for money laundering or terrorist financing.
  • Determine whether a customer is a politically exposed person (see Annex for definition and further guidance).
  • Nominate an individual (MLRO) in the organisation to comply with, and receive disclosures under, Part 7 of the Proceeds of Crime Act (POCA) 2002 and Part 3 of the Terrorism Act (TA) 2000 (For transactions processed in Estonia: Nominate an individual (MLRO) in the organisation to receive disclosures requested by Prosecutor or Financial Intelligence Unit of Estonia (FIU Estonia) under the terms of Estonian Republic Criminal Law).
  • Ensure employees report suspicious activity to the MLRO, and
  • Ensure the MLRO considers such internal reports in the light of available information and determines whether they give rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion of money laundering or terrorist financing.

The main principles encompassed by The Money Laundering Regulations 2017 and (Law on the Prevention of Money Laundering and Terrorism Financing of the Republic of Estonia for transaction processed in Estonia) can be described as Risk Based Approach (RBA). RBA requires a number of steps to be taken to determine the most cost-effective and proportionate way to manage and mitigate the money laundering and terrorist financing risks faced by the business. The steps are to:

  • Identify the money laundering and terrorist financing risks that are relevant to the business
  • Assess the risks presented by the particular:
  • Customers – types and behaviour;
  • Products and services;
  • Delivery channels, for example, cash over the counter, electronic, wire transfer or cheque;
  • Geographical areas of operation, for example, location of business premises, source or destination of customers’ funds;
  • Complexity and volume of transactions;
  • Design and implement controls to manage and mitigate these assessed risks;
  • Monitor and improve the effective operation of these controls and
  • Record appropriately what has been done, and why

Internal Controls and Communication

Money Laundering Regulations 2017 (Law on the Prevention of Money Laundering and Terrorism Financing of the Republic of Estonia for transaction processed in Estonia) requires businesses to have appropriate systems of internal control and communication in order to prevent activities related to money laundering and terrorist financing. In simple terms this means that businesses must ensure that management controls are put in place that will alert the relevant people in the business to the possibility that criminals may be attempting to use the business to launder money or fund terrorism, so as to enable them to take appropriate action to prevent or report it.

Systems of internal control and communication must be capable of identifying unusual or suspicious transactions or customer activity, of identifying transactions and business relationships specified in a direction issued by Bank of Lithuania and FCIS (LT) and enabling prompt reporting of the details to the MLRO.

The nature and extent of systems and controls that the business needs to put in place will depend on a variety of factors, including the:

  • Degree of risk associated with each area of its operation
  • Nature, scale and complexity of the business
  • Type of products, customers, and activities involved
  • Diversity of operations, including geographical diversity
  • Volume and size of transactions
  • Distribution channels.

The basis of the internal control process is well-defined authorisations, a segregation of duties, identification of clients, on-going due diligence, reporting suspicions, etc.

The PionPay regularly monitors changes in and compliance with relevant legislation and other legal requirements in order to mitigate money laundering and terrorism financing risks, as well as to make internal control system more efficient.

The Money Laundering Reporting Officer (MLRO)

The MLRO responsibilities include:

  • Receiving internal Suspicious Activity Reports (SARs) from staff
  • Deciding if disclosures should be passed on to FCIS Lithuania or/and the FIU Estonia
  • Recording all decisions relating to SARs appropriately
  • Reviewing all new laws and deciding how they impact on the operational process of the company
  • Preparing a written procedures manual and making it available to all staff and other shareholders
  • Making sure appropriate due diligence is carried out on customers and business partners
  • Ensuring staff receive anti-financial crime training when they join and that they receive regular refresher training
  • Monitoring business relationships and recording reviews and decisions taken
  • Making decisions about continuing or terminating trading activity with particular customers
  • Making sure that all business records are kept for at least five years from the date of the last customer transaction as per FCIS Lithuania or/and FIU Estonia regulations.

The MLRO is a person who has sufficient authority and autonomy in order to make the decisions required above.

Identifying the Customer

‘KYC’ - What does 'know your customer' mean?

KYC means obtaining information about a customer over and above the required ID.

The PionPay has implemented a KYC program to ensure all kinds of customers (natural or legal persons or legal structures) are subject to adequate identification, risk rating and monitoring measures. This program has been implemented throughout all PionPay divisions. The purpose of this is to reduce the risk of the PionPay being used for money laundering and financing of terrorism.

Multiple online directories of individual and business information are used to check all customer/client ID details before a full Individual or Business e-account is activated.

The following “Know Your Customer” procedures will be helpful in identifying prospective face-to-face or non-face-to-face customers who may present money-laundering and financing of terrorism risks. The PionPay applies a risk-based approach towards “know your customer” with reference to a customer’s geographic ties, chosen products and / or services. A risk-based approach is applied as low, medium or high. This risk-based approach indicates the risk of whether the given customer may use or will use the PionPay’s services and / or products for financial crime.

In all cases, prior to taking on a new customer or engaging in a transaction with a customer with whom we do not have well-established relationship, the PionPay completes sufficient due diligence to have confidence in the integrity of the customers and the lawfulness of the proposed transaction by following actions:

  1. Make reasonable efforts to determine the true identity of all customers and the legal and beneficial ownership of all accounts.
  2. Determine the customer’s citizenship, home and business addresses, occupation or type of business. Where appropriate, obtain supporting documentation.
  3. Inquire whether the customer will have the sole interest in the account or whether there will be other persons who will have access to it. Verify the identity of all such persons and engage in any necessary due diligence regarding such other persons.
  4. If the customer is not an individual;

    5. a. Determine the legal status (e.g., corporation, partnership or other form of entity).

    b. Determine whether the customer is regulated, either in the Lithuania or a foreign country.

    c. Determine all principal persons of the customer, such as officers and directors, or persons who have a substantial beneficial interest (i.e. own equal or more than 10% share in the company). PionPay shall ensure that corporate and other legal entities incorporated within their territory are required to obtain and hold adequate, accurate and current information on their beneficial ownership. This includes details of beneficial interests held.

    d. Obtain copies of all relevant organizational documents.

  5. Identify the source of the customer’s funds.
  6. Screen the customer for:

    7. a. Matches under the OFAC, UN, EU lists;

    b. Account holders from countries listed on the Financial Action Task Force (“FATF”), NCCT list found the FinCEN advisory list;

  7. Where appropriate, obtain information regarding the frequency with which the customer expects to transfer funds to or from the account, i.e. monthly, quarterly, or the nature of any third-party payments to or from the account;
  8. Where appropriate, obtain and contact reputable references, such as professionals and other members of the financial industry, banks, securities companies, etc.
  9. Government Officials and Foreign Bank Accounts.

Special procedures apply for accounts for the benefit of politically exposed persons (PEPs), including senior government and political figures, particularly from certain countries, and for accounts opened by or through foreign banks and for clients from countries or industries deemed high risk. The PionPay performs enhanced due diligence and on-going due diligence measures proportionate with the risk of the customer. High risk customers will therefore be subject to enhanced due diligence and on-going due diligence. On-going due diligence processes will be applied to all existing customers within a specific period that will be determined by whether they are defined as high, medium or low.

Inasmuch as this is not a regular part of the Company’s business, you must consult the MLRO before opening any account of this type. New PEP customers accept may only MLRO or Member of the Board of the Company.

Common Questions on KYC

What is a business relationship?

A business relationship is one which:

  • Helps in the carrying out of transactions on a frequent, habitual or regular basis and
  • Where the total amount of any payment to be made is not known, or capable of being known, at the outset. Just because your customer is a business does not mean you have a business relationship with them. A business relationship is when you treat a customer in a different way than the way in which you treat your one-off customers.
  • How will I know if the customer wishes to establish a business relationship? You must ensure that you obtain sufficient information about the nature of any new business you deal with, including the amounts of money involved and the expected frequency of transactions. At the first transaction, you should establish the:

    Reason for establishing the business with you,

    Nature and level of the activity to be undertaken and

    Origin and destination of the funds.

    You should also consider why the customer is using your services.

  • Why is evidence of identity important? In order to follow the trail of laundered money, law enforcement authorities need to know the names of people involved.
  • When is identification required?

    • You must confirm and retain the ID of any customer who:

  • Wishes to establish a business relationship with you involving frequent or regular transactions and the total value of transactions is not known at the start,
  • As mentioned above CDD should be carried out not only on all new customers but also at appropriate times to existing customers on a risk sensitive basis, or when relevant customer change, or when the obliged entity has any legal duty.
  • Conducts any transaction that you know or suspect might involve either the proceeds of crime or is to be put to criminal or terrorist use.
  • Do I need to check ID for small value transactions? You are obliged to check ID for small value, or limited transactions unless it is within a business relationship - provided money laundering is not suspected.
  • From whom should I take evidence of identification? Normally, you must take this evidence from your customer. In instances where your customer is or appears to be acting on behalf of someone else, you must obtain ID evidence from everyone in the chain.
  • What should I do when a customer wants to carry out a transaction that requires identification?

You should:

  • Check evidence of ID at the first transaction,
  • Where possible, retain a photocopy of the evidence or at the very least, record and retain information that would enable a copy to be obtained,
  • Check it on a regular basis and satisfy yourself that the customer is who they claim to be.
  • What are the best forms of identification evidence? The law states that you must satisfy yourself that the person is who they say they are. Some combinations of identification are:
  • Full passport or identity card and full driving license,
  • Full passport or full driving license and secondary identification or,
  • Full passport or official identity card and secondary identification.

Please note, all identification evidence must include the individual photographs

  • What if I am still not satisfied?

Where you are presented with insufficient evidence, you may decide to make additional checks by, for example, phoning a third party after asking your customer to nominate someone to vouch for them. The telephone number of the third party must be listed in the telephone directory.

If you are still not entirely satisfied with the identification presented to you, you should refuse the business and report to your MLRO, who will then decide whether to pass it on to FCIS Lithuania or / and FIU Estonia.

  • What checks should I make on the document evidence given to me?

You should:

  • Check the date of birth compared to the customer's appearance in the photo ID and
  • Compare spellings of names and addresses on each document.

Please discuss any abnormalities found in the results with the nominated Money Laundering Registration (MLR) officer.

  • What must I do when my customer is a company?

Where your customer or supplier is a limited company, you should identify the individuals who you deal with who have authority within that company to move funds, (not just cheque signatories) and obtain details of the company's:

  • Registered number, corporate name and any trading names used,
  • Registered address and any separate principal trading addresses,
  • Photo ID,
  • Profile check,
  • Check to validate the name, address and directors of the company. If the client registered is not a director of that company, then PionPay will ask a director of that company to sign a company member additional user form. This will then give the person that has registered authorisation to use and operate on behalf of that company.
  • How often should I update my customer's record of ID?

You need only update the evidence of ID if something has changed. For example, you may need to update their address details if they move. It is advisable that information held is reviewed on an annual basis, to ensure that it is still up to date/valid.

Record Keeping

You will need to hold all records of business transactions for at least five years from the date that the business relationship ends.

Why do we have to keep records for five years from the end of a business relationship?

It's the law. The purpose of keeping records is to enable law enforcement to reconstruct business transactions; often well after the original business has been concluded. In making and retaining records you should have in mind the need to provide a clear audit trail of the business you have conducted. The records that must be kept are:

  • A copy of, or the references to, the evidence of the customer’s identity obtained under the customer due diligence requirements as per the regulations
  • The supporting records in respect of the business relationships or occasional transactions that are the subject of customer due diligence measures or on-going monitoring.
  • Record of when the first client identification and verification took place, and how.
  • Documents justifying exemption from identification, if applicable.

In relation to the evidence of a customer’s identity, businesses must keep the following records:

  • A copy of the identification documents accepted and verification evidence obtained, or
  • References to the evidence of customer’s identity.

Transaction and business relationship records (for example, account files, relevant business correspondence, daily log books, receipts, cheques, and so on) should be maintained in a form from which a satisfactory audit trail may be compiled, and which may establish a financial profile of any suspect account or customer.

What is an audit trail?

An audit trail is a step by step record by which financial data can be traced to its source. In the case of money laundering the aim of establishing an audit trail is to trace the funds through to the first transaction (the placement) to identify the launderer.

What records do I have to keep?

The records that we keep must be sufficient enough to form a complete audit trail for customs officers to follow from the start of the transaction to the end; this is particularly important should the transaction later become part of an on-going investigation by law enforcement.

There are several different types of records we should keep:

  • A copy of the evidence of identification presented. Photographic evidence is particularly valuable.
  • Details of where the copies of identification can be found, which should be filed and easily recoverable. You must keep these records for at least five years from the date when the relationship with your customer finishes.
  • Business records. You must keep a record of all transactions, regardless of whether the ID of the customer or client needed to be verified, for five years.
  • All records of disclosures. Letters received from NCIS or any other correspondence with a law enforcement agency should be retained for at least five years. Please note: We retain Individual customer and business client records for at least a five-year period after the business relationship has ended.

Identifying Suspicious Activity

Having identified a customer and conducted the necessary due diligence, we will be in a good position to spot anything unusual with the customers, their actions, inactions or transactions.

Look out for any suspicious actions or activity at every dealing stage with the customer. For example, this can be an unusual remittance abroad or a transaction amount that is not in normal line of activity.

Reporting Suspicions

Anti-money laundering processes require a team approach. Money laundering issues are complex. The MLRO of PionPay should not attempt to shift through them alone and if the officer becomes aware of any suspicious circumstances, or have any questions, the officer should promptly consult with the MLRO and Compliance Team.

Suspicious activity reports – internal company process.

In the situation that an employee has suspicions about a customer and/or transaction, he must ensure that the company MLRO is notified about his suspicions as soon as possible.

Staff should use the internal ‘Suspicious Activity Report Form’.

The SAR should contain as a minimum the following information:

  • Details and identification data of all parties to the transaction
  • The owner of the monies in question
  • How the identity of the client was verified
  • A full description of the transaction
  • Reason for suspicion and supporting evidence
  • Details of any assets which are subject to international sanctions

If in doubt, the staff member should call the MLRO to discuss the reasons for their suspicion – however, they should be careful not to do this whilst the customer is standing in front of them or via any communication exchanged with the customer (they may ‘tip off’ the customer otherwise, see below).

The timing for submitting the internal SAR is important. The law states that an individual working in the regulated sector should make a report as soon as he or she becomes suspicious. This may mean either before the transaction takes place or immediately afterwards.

Where a staff member becomes aware that a customer wants to carry out a transaction which is suspicious and the timing for the transaction allows it, the staff member must ensure that ‘consent’ is given before processing the transaction. ‘Consent’ means that the company has sought and obtained approval from the FIU Estonia in case of transaction processed in Estonia to process the transaction and to Financial Crime Investigation Service FCIS Lithuania. Further information on ‘seeking consent’ is provided below.

However, staff may decide that there would be a danger that if they were to seek consent for a particular transaction (i.e. in advance of the transaction taking place) that there might be a danger that the customer would be ‘tipped off’. See below for more information on ‘tipping off’.

All staff members will have fully discharged their duties, and will have the full protection of the law, once a report of their suspicions has been made to the company MLRO.

Once the MLRO receives the internal SAR from the staff member, the MLRO has two options:

  • Report the SAR on to FCIS Lithuania and FIU Estonia in case of transaction processed in Estonia;
  • File an internal note indicating why, on the basis of review of the circumstances around the transaction, it is judged not necessary to make a report to FCIS Lithuania and FIU Estonia in case of transaction processed in Estonia;

The MLRO should complete the MLRO SAR Resolution form (see appendix for sample) in the event he decides not to make a report to FCIS Lithuania and FIU Estonia in case of transaction processed in Estonia.

‘Tipping Off’

Any staff member needs to make a judgement as to whether any delay to the transaction (‘consent request’) would have the effect of ‘tipping off’ the customer.

It is a criminal offence under POCA Part 7 or Estonian Republic Criminal Law for anyone, following a disclosure to the MLRO or FCIS Lithuania or FIU Estonia in case of transaction processed in Estonia, to do or say anything that might either ‘tip off’ another person that a disclosure has been made or in any way prejudice an investigation. The Terrorism Acts contain similar offences. This means that businesses must not tell a customer:

  • that a transaction was/is being delayed because consent from FCIS (LT) (FIU Estonia) has been requested;
  • that details of their transactions or activities will be/have been reported to FCIS (LT) or (FIU Estonia);
  • that they are being investigated by law enforcement.

In situations where delaying a transaction may inadvertently lead to ‘tipping off’, it will make sense to process the transaction and then ensure that a SAR is submitted to the Nominated Officer (MLRO) as soon as possible after. The staff member will have the protection of the law as soon as a SAR has been submitted to the Nominated Officer (MLRO).

If in doubt about whether to proceed with a transaction, the staff member should immediately contact the MLRO for advice.

Documentation

Supporting documentation is a cornerstone of our anti-money laundering and counter terrorism financing procedures.

Unrecorded steps are soon forgotten. Records assist in tracking relevant information and in demonstrating that the company/individual has conducted our business responsibly and with integrity. All interviews, searches and activities undertaken to verify integrity of transactions and persons must be documented and stored for reference by PionPay, if and when required by Principal, FCIS Lithuania.

All records must be kept for a minimum of five years after the business relationship with the customer ends.

Prohibited businesses, industries

The company has set itself the prohibition of the list of goods and services (industry):

  • Trade in monetary objects (banknotes) and stamps;
  • Provision of money services (e.g., cash desks, currency exchange offices, money transfer agents or other service providers offering money transfer opportunities);
  • Financial services related to loan restructuring, debt recovery, loan amendments, etc.;
  • Investment services and incidental investment services;
  • Reinsurance and insurance services;
  • Provision of cash-in-transit services;
  • Crypto currency production (mining);
  • Ponzi schemes; Financial pyramid;
  • Drugs and drug paraphernalia, narcotic or narcotic-like substances;
  • Operation of drug stores and pharmacies, trade in medications, patented drugs and pharmaceutical products;
  • Trade in tobacco products;
  • Trade in weapons and munitions;
  • Trade in jewelry, precious metals and precious gems;
  • Trade in antique items and art objects;
  • Illegal / pirated audio or video records;
  • Hosting, file copying, unlicensed IPTV;
  • Counterfeit (forged) goods;
  • Goods and services of sexual nature, Adult;
  • Intermediation in real property transactions;
  • Unofficial charity, political or religious organisations, ICO and Crowdfunding;
  • Binary Options;
  • Multi-level marketing (MLM);
  • Enter into/maintain business relationships with individuals or entities known or suspected to be a terrorist or a criminal organisation or member of such or listed on sanction lists;
  • Maintain anonymous accounts, accounts for shell banks or pay-through accounts;
  • Unlicensed gambling and betting.

Risk Based Assessment

The Company takes steps to identify and assess the ML and TF risks to which its operations are exposed.

When conducting the necessary risk assessment, the Company must take into account the risk factors associated with:

  • its customers;
  • the countries or geographic areas in which it operates;
  • its products or services;
  • its transactions;
  • its delivery channels.

For every Customer of the Company during onboarding or ongoing cooperation process, based on the previously mentioned points are assigned one of the risk categories: Low, Medium, High, Prohibited.

The Company determines the list of jurisdictions with which it does not cooperate, as well as the list of high-risk countries based on data from the FATF high-risk and other controlled jurisdictions, the Basel AML Index, the European Commission's list of high-risk third countries, EU and U.S. sanctions programs, etc.

Non-Cooperative Countries: Afghanistan, Albania, Belarus, Burundi, Burkina Faso, Bulgaria, Cameroon, Central African Republic, Congo D.R., Crimea and Sevastopol, Eritrea, Ethiopia, Gaza Strip, Guinea, Guinea Bissau, Haiti, Iran, Iraq, Jamaica, Kenya, Lebanon, Libya, Macao, Mali, Mozambique, Myanmar, Namibia, North Korea, Nicaragua, Nigeria, Pakistan, Philippines, Russian Federation, Senegal, Somalia, Sudan, South Sudan, Syria, Tanzania, Tunisia, Vietnam, West Bank (Palestinian Territory), Venezuela, Yemen, Zimbabwe.

High-Risk Countries: Armenia, Azerbaijan, Barbados, Bosnia and Herzegovina, Cayman Islands, China, Croatia, Cuba, Gibraltar, Jordan, Panama, South Africa, Turkey, Uganda, United Arab Emirates.