CoinPort Pty Ltd
Employee Onboarding Policies and Procedures Manual
Section 1: Pre-Employment Due Diligence & Onboarding
Version: 2.1a
Effective Date: 15-May-2025
Review Date: 15-Dec-2026


1.0 PURPOSE

This document outlines the mandatory procedures for onboarding new employees at CoinPort, an Australian licensed cryptocurrency exchange (ASIC and AUSTRAC regulated). It ensures compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), Privacy Act 1988, Corporations Act 2001, and other relevant regulations. The process is designed to mitigate risks related to fraud, insider threats, money laundering, and conflicts of interest.

2.0 SCOPE

This policy applies to all prospective and new permanent, temporary, and contract employees who will have access to CoinPort’s systems, data, or client funds.

3.0 POLICY STATEMENT

CoinPort will conduct thorough due diligence on all candidates prior to confirmation of employment. Onboarding will only proceed after satisfactory completion of all checks and mandatory training. Integrity, security, and regulatory compliance are paramount.


4.0 PRE-EMPLOYMENT DUE DILIGENCE PROCEDURES

4.1 Role Risk Assessment

  • Procedure: Prior to advertising, the Hiring Manager and the Chief Compliance Officer (CCO) will classify the role into one of three risk tiers:
    • Tier 1 (High Risk): Roles with access to live trading systems, client funds/wallets, private keys, AML/CTF systems, or senior management (e.g., Compliance Officers, Senior Developers, Finance Team).
    • Tier 2 (Medium Risk): Roles with access to sensitive client data or internal systems (e.g., Customer Support, Marketing, HR).
    • Tier 3 (Low Risk): Roles with minimal system access (e.g., Office Assistants).
  • Record: Risk tier is documented in the hiring requisition.

4.2 Mandatory Pre-Employment Checks

Checks are conducted by the Human Resources (HR) Department in coordination with the Compliance Team. Written candidate consent is obtained prior to all checks.

  • 4.2.1 Identity Verification: Candidates submit certified copies of photo ID (Passport, Driver’s Licence) and proof of address, which are verified against AUSTRAC AML/CTF Identity Verification standards.
  • 4.2.2 Right to Work: Confirm Australian work rights via VEVO check.
  • 4.2.3 Professional & Character References: Minimum of two referees, independently verified. For Tier 1 roles, one must be a prior direct supervisor.
  • 4.2.4 Qualification Verification: Certified copies of degrees/diplomas relevant to the role.
  • 4.2.5 Financial Regulatory Checks:
    • Australian Financial Services (AFS) Licence Check: Confirm if the candidate holds or has held an AFS licence or is a representative of one.
    • ASIC Banned and Disqualified Register: Mandatory check for all roles.
    • AUSTRAC Reporting Entity Check: For Tier 1 roles, check for previous roles at reporting entities and reason for departure where possible.
  • 4.2.6 Background Checks (via accredited third-party provider):
    • National Police Check: Mandatory for all employees. For Tier 1, a Financial Services Specific Check is required.
    • Bankruptcy & Insolvency Check: Mandatory for Tier 1 roles, recommended for Tier 2.
    • Digital Footprint & Social Media Basic Review: To identify publicly available information that may pose a reputational or security risk.
  • 4.2.7 Conflict of Interest Declaration: Candidates must complete a preliminary declaration disclosing:
    • Financial interests in other crypto/FinTech businesses.
    • Close relationships with existing CoinPort clients or competitors.
    • Any outside activities that may conflict with CoinPort duties.

4.3 Assessment & Approval

  • The CCO must review and approve all due diligence findings for Tier 1 roles before an offer is made.
  • For Tier 2 & 3, HR Manager approval is required, with a summary report to the CCO.
  • Any adverse findings (e.g., undisclosed criminal history, false qualifications, serious conflicts) must be escalated to the CEO and CCO for a risk-based decision. Employment may be rescinded.

5.0 FORMAL OFFER & ONBOARDING PROCEDURES

5.1 Employment Contract

  • Issue contract containing:
    • Confidentiality and Intellectual Property clauses.
    • Mandatory compliance with CoinPort’s AML/CTF Program, Code of Conduct, and IT Security Policy.
    • Ongoing obligation to report conflicts of interest and personal trading activity (for relevant roles).
    • Disciplinary action for policy breaches, up to termination.

5.2 Pre-Start Date

  • Provide Employee Handbook and core policy documents.
  • IT prepares equipment with access configured according to the Principle of Least Privilege (PoLP).

5.3 Day One Orientation

  • Welcome by HR and line manager.
  • Review of signed policies.
  • Issue of secure access devices (e.g., YubiKey) where required.

5.4 Mandatory Training (First Week)

Training completion is tracked and mandatory. Modules include:

  • CoinPort AML/CTF Program: Understanding reporting obligations, suspicious matter reporting (SMR), and customer due diligence.
  • Cybersecurity Awareness: Phishing, password management, secure data handling, and insider threat awareness.
  • Market Conduct & Insider Trading: Prohibitions on trading based on non-public information, personal account dealing rules.
  • Privacy & Data Protection: Handling of client personal information under Australian law.
  • Workplace Health & Safety & Code of Conduct.

5.5 Post-Employment Probationary Review

  • At 3 months, the line manager and Compliance conduct a review to confirm adherence to policies and suitability for the role.
  • For Tier 1 roles, a follow-up conflict of interest declaration is required.

6.0 ROLES & RESPONSIBILITIES

  • HR Department: Coordinate all checks, obtain consents, maintain secure records, conduct general orientation.
  • Compliance Team: Define check requirements, approve high-risk hires, oversee AML/CTF and compliance training.
  • Hiring Manager: Define role risk tier, conduct skills assessment, integrate new employee into the team.
  • Chief Compliance Officer: Final approval authority for due diligence, escalation point for adverse findings.
  • IT Department: Provision secure, role-based system access.

7.0 RECORD KEEPING

All due diligence records, consents, training certificates, and declarations will be stored securely in the employee’s confidential personnel file for a minimum of 7 years in accordance with Australian record-keeping obligations.


8.0 POLICY REVIEW

This policy will be reviewed annually by the CCO and Head of HR, or in response to regulatory changes.


Approvals:

Chief Executive Officer: Kent Kingsley Date: 15-May-2025

Chief Compliance Officer: Peter Cooney Date: 15-May-2025