RULES OF THE INTERNATIONAL MONEY TRANSFER PAYMENT SYSTEM "LESKAR PAYMENTS" 

PREAMBLE
A. These Rules of the International Money Transfer Payment System "Leskar Payments" (hereinafter referred to as the "Rules") have been developed by the Limited Liability Company "1000562552 ONTARIO LTD." (business name "Leskar Payments"), registered in accordance with the laws of Canada (hereinafter referred to as the "System Operator" or "Operator"), in order to establish uniform, transparent and effective conditions for the organization and operation of the International Money Transfer Payment System "Leskar Payments" (hereinafter referred to as the "System" or "IMTPS"). 

B. The Rules define the principles of interaction between the Operator and other IMTPS participants and their clients, regulate the procedure for making money transfers, including cross-border transactions, as well as establish standards for security, risk management and mutual obligations. 

C. The system is a modern information technology platform that provides reliable and prompt exchange of financial messages and data on money transfers. The purpose of the System is to provide customers around the world with convenient, affordable and secure money transfer services. 

D. By acceding to the Rules, the parties to the IMTPS confirm their agreement with the stated conditions and undertake to strictly comply with them in accordance with the applicable legislation, including the requirements for combating the legalization (laundering) of proceeds from crime and the financing of terrorism and the proliferation of weapons of mass destruction. 

E. The Rules, together with the terms of the General Framework Agreement on participation in the System, form the basis for a trusting and effective relationship between all Parties, contributing to the smooth and proper functioning of the System. 
Chapter 1. General Provisions 
 
Article 1. Terms and Definitions 
The terms used in the text of the Rules have the following meaning: 
1) Agent – a legal entity that has the right to provide Money Transfer services in the country of the Agent's jurisdiction, at the interfaces or service points of which individuals or legal entities initiate money transfers or are their recipients, and which has entered into a General Framework Agreement with the Operator (taking into account the requirements of the national legislation in a particular jurisdiction) on participation in the System as an Agent; 

2) The Executing Agent – a legal entity that issues a Money Transfer to the Recipient; 

3) The Sending Agent shall mean a legal entity that accepts the Sender's application for execution of a Money Transfer; 

4) Aggregator – a financial, fintech or payment institution which, by virtue of the legal status granted to it in the country of its jurisdiction, provides financial and technological services for the processing and execution of international transfers and payments, as well as for the provision of settlements through a special platform and a single interface. The Aggregator's platforms and services may be used by the Agents and the Operator of the IMTPS to ensure the dispatch and execution of international money transfers in those jurisdictions and with those banks, financial institutions, payment providers and other authorized market participants with which the Operator and its Agents do not have relations under the IMTPS; 

5) Cancellation of Transfer – a procedure that provides for the reversal of entries and documents on an erroneously sent Money Transfer during the current operational day to eliminate the consequences of operational risk resulting from a failure of the System or an erroneous action of the Sender, in cases that make it impossible to credit the transfer; 

6) Irrevocability of Transfer – Termination of the possibility of revoking an Electronic Message/Payment Instruction for a money transfer. A transfer becomes irrevocable at the moment when it is considered Completed, i.e. after the money is credited to the Recipient's account or disbursed in cash to the Recipient; 

7) Non-cash Transfer – a money transfer made by the Sender without the use of cash, by crediting it to the Recipient's Bank Account; 

8) Uninterrupted operation of the Payment System/Business Continuity of the System/BC is a complex property of the System, denoting its ability to prevent violations of proper functioning (including preventing the suspension (termination) of making or improper execution of money transfers), as well as to restore proper functioning in the event of its violation. Ensuring UOPS is carried out through risk management of the Payment System; 

9) General Framework Agreement (GFA or Agreement) – an Agreement that establishes the general terms of cooperation between the Operator and the Agent or between the Operator, the Agent and the Settlement Bank and includes the Additional Agreements and all their Annexes; 

10) Money Transfer/Transfer – Money Transfer initiated by the Sender and accepted for execution, as well as Completed by the Agent/Participant of the IMTPS or the Settlement Bank, while the Operator provides the System and infrastructure for the transmission of instructions, clearing and generation of data for the settlement. It can be carried out both by accepting non-cash money (using Bank accounts) and by accepting (disbursing) cash without opening a Bank account; 

11) Additional Agreement or AA – an Additional Agreement to the Agreement (GFA) detailing the conditions for specific types of money transfers and being an integral part of the GFA; 

12) Completion (finality) of transfer – the moment when a payment or money transfer is considered to be fully executed and cannot be changed or canceled by the System. The transfer is considered complete (final) after the money is credited to the Recipient's account or cash is issued to the Recipient; 

13) Protected Information – Information constituting Bank Secrecy, including information on specific transfers, information on the amount of money received by the Operator under the Agreement, data on the volume of transactions carried out by the Operator, as well as other information related to the fulfillment of the terms of the Agreement and Additional Agreements, except for cases of transfer of data to authorized bodies in accordance with the legislation of the Agent's jurisdiction; 

14) Transfer Modification – the procedure for correcting the sent Electronic Message for the issuance of a Money Transfer. Changes can be made only on the basis of the Sender's application to the details of the Recipient (full name), his other data or address; 

15) Information Technology (IT) System – An interconnected network of hardware, software and communication technologies that allows the Agent, the Settlement Bank and the Operator to securely store data, process electronic messages, manage accounts and provide their Clients with a range of financial services; 

16) Incident means an event or series of related events which were not planned by a payment service provider and which result in, or may result in, the reduction, impairment or disruption of any retail payment activity carried out by a payment service provider; 

17) Client – Sender and Recipient; 

18) Clearing – the process of identifying, verifying and transferring information on the claims and (or) liabilities of the Settlement Bank and Agents on a net and (or) gross basis on the Money Transfers, as well as full or partial termination of mutual claims and liabilities between the System participants arising as a result of the Money Transfers and/or mutual settlements, by offsetting financial positions; 

19) Fee – the amount of money charged for the execution of a Money Transfer or related services, the terms of calculation and payment of which are determined by the relevant Additional Agreements; 

20) Local Payment System (LPS) – A payment system created and operating within the framework of the legislation and under the supervision of the central (national) bank of one state, intended for making payments and (or) money transfers, as a rule, in the national currency of this country; 

21) International Payment System (IPS) – a system of settlements between banks of different countries using common standards of payment means of this system; 

22) International Money Transfer Payment System "Leskar Payments" (System or IMTPS) is a set of software and hardware that ensure the exchange of unified electronic messages of users, designed to organize, process and deliver information between the System Participants; 

23) Proper functioning of the System – Functioning of the System in accordance with the requirements of the legislation of Canada and the place of registration of the System, the Rules, the GFA, determining the conditions and procedure for its operation; 

24) Cash Transfer – a money transfer made by the Sender by transferring cash for its subsequent issuance to the Recipient in cash; 

25) Net Position (or net position) – the final debit or credit balance arising after the set-off of all mutual claims and obligations between the Parties or between the System participants upon clearing; 

26) Ensuring of System Uninterrupted operation is a coordinated activity of the Participants aimed at achieving, confirming and maintaining an acceptable level of risk of violation of the UOPS, which is understood as the probability of occurrence of adverse consequences for the UOPS at a given period of time, taking into account the amount of damage caused. Ensuring the UOPS is carried out through risk management of the Payment System; 

27) Operator – 1000562552 ONTARIO LTD. Limited Liability Company, which performs the following functions within the System: 
- the payment infrastructure operator, as well as the operations center, clearing center and System Agent in the country of its jurisdiction; 
- organization, control and operation of the System; 
- organization, control and ensuring the fulfillment by the Participants of their obligations on the procedure for working with the System; 
- organization, control and provision of information exchange between the Parties to the System; 

28) Transfer's Recall – cancellation of a Money Transfer that has not yet been credited to the Recipient, at the request of the Sender or at the initiative of the Operator in cases that make it impossible to credit the transfer;

29) Sender – a Person who initiates the sending of a money transfer without opening a Bank Account by transferring cash or sending money from the Bank Account in favor of the specified Recipient;

30) HSS means the Agent's hardware and software complex, which stores all the information necessary for making it through the Transfer System, including the Money Transfers accepted for transfer and paid;

31) AML/CFT – countering the legalization (laundering) of proceeds from crime and the financing of terrorism and the proliferation of weapons of mass destruction;

32) Recipient – a person who receives a Money Transfer through the Executing Agent, including in cash without opening a bank account;

33) Annexes – Annexes to the GFA and/or AA, which are an integral part of it (the GFA), detailing the terms of the GFA and/or AA;

34) Software "Leskar Payments"/SW – a set of software of the System, which provides access of the Parties to the System, reception, transmission, concentration and distribution of information between them about Transfers and settlements between the Parties carried out in connection with the Transfers;

35) Rules (IMTPS (Rules)) – these Rules of the International Money Transfer Payment System "Leskar Payments", developed by the System Operator in order to determine the conditions under which the Operator cooperates with legal entities when making money transfers, including cross-border money transfers, within the framework of the International Money Transfer System;

36) Settlement Bank – a legal entity that has entered into a General Framework Agreement with the Operator as a Settlement Bank. It shall be solely responsible for the final and irrevocable settlement of all net liabilities of Agents and Settlement Banks arising from clearing in the System;

37) Register shall mean the Register compiled in the form specified in the relevant Appendix to the Agreement, based on the information received in the Electronic Instruction and the Agent's Electronic Notification, containing information about the Transfers made by the Agent on the previous calendar day;

38) Consolidated Register/Consolidated Register of Credited Transfers shall mean a Register compiled in accordance with the form established by the Operator for the Settlement Bank and specified in the relevant Appendix to the Agreement based on the results of the Clearing;

39) Risk of Business Continuity interruption – the possibility of suspension (termination) of money transfers or improper execution of money transfers or violations of the legitimate interests of Agents, Settlement Banks, Aggregators, Customers due to an unfavorable combination of circumstances (occurrence of events) related to internal and external factors of the System functioning (risk factors for violation of the UOPS);

40) Settlement is a procedure for the settlement of financial obligations between the Agents, Settlement Banks of the System and the Operator, arising as a result of Money Transfers and determined based on the results of clearing. As a result of settlement, money is debited and credited between the accounts of settlement participants;

41) SW Synchronization – Updating of information contained in the Software, initiated by the Party or performed automatically according to a certain schedule;

42) CIPT (Cryptographic Tool) - A means of cryptographic protection of information (encryption);

43) Money Transfer Status – Information about the stage of execution of a particular Money Transfer, maintained by the Operator, available to the Agents of this transfer;

44) Parties – the Operator and the Agent or the Operator and the Settlement Bank;

45) Transfer Amount – the amount of money to be paid/credited to the Recipient by the Executing Party;

46) Super-agent – a legal entity that has the right to provide Money Transfer services and has its own network of Agents in the country of its jurisdiction and abroad, who, in turn, accept and execute applications from Senders for Money Transfers and issue them to Recipients with or without opening a bank account;

47) Agent's Account – the Agent's bank account opened with the Settlement Bank;

48) System Tariffs – the System of rates and commissions charged from the Sender for the provision of Services by the System and due to the Parties;

49) Transaction – an action or a set of interrelated actions initiated in a payment system and aimed at making a money transfer, payment or other financial obligation; this term is common to all transactions, including both money transfers between individuals and legal entities, as well as between legal entities, including those initiated for the purpose of payment for goods/works/services sold, including interbank transactions related to their processing;

50) Service Requirements – Requirements applied to the Operator to ensure uninterrupted functioning of the System, which is achieved subject to the provision of services to Agents and Settlement Banks in accordance with the requirements of applicable law, as well as the provisions of the Rules and documents of the Operator;

51) System continuity management – Identification of the provision of payment services that do not meet the requirements for the provision of payment services, ensuring the functioning of the System in case of disruption of the provision of payment services that meet the requirements for the provision of payment services, and restoration of the provision of payment services that meet the requirements for the provision of payment services, including the restoration of the provision of payment services in the event of suspension of their provision during the periods of time established by the Operator in the Rules;

52) System risk management – Organization of a risk management system in the System, risk assessment and management in the System;

53) System Services – Types of money transfers approved by the Operator, including the use of electronic means of payment from individuals for payment of money to individuals without opening an account (using payment cards of international payment systems). The Operator has the right to expand the list of System Services;

54) System participants: Agents, Operator and Settlement Banks;

55) Electronic Instruction shall mean an Electronic document drawn up on the basis of the Sender's application/instruction in written or electronic form, generated in the Software by the Sending Agent, containing an order to the Executing Agent to issue, credit, amend, revoke or cancel a Money Transfer;

56) Electronic message – an order/payment instruction in electronic form, drawn up on the basis of the Sender's application/instruction in written or electronic form, which is transmitted by the Sending Agent through the System to the Executing Agent for issuance, amendment, withdrawal or cancellation of the Money Transfer, and signed with an analogue of the handwritten signature of the Sending Agent;

57) Electronic Notification shall mean an electronic document generated in the Executor's Software and sent to the Sending Agent through the System about the receipt, issuance, amendment, cancellation, or revocation of a Money Transfer.

Article 2. Status of the Rules 

2.1 The Rules are developed and put into effect by the System Operator. Regulation of organizational and technological interaction between Agents and Settlement Banks of the System, establishment of security standards and risk management are the exclusive prerogative of the System Operator.

2.2 The requirements in the above areas are the same for all Agents and Settlement Banks of the System, unless otherwise expressly provided by the Rules and/or the concluded GFA and AA.

2.3 The Rules establish:
  • principles of organization and functioning of the System;
  • principles of participation of Agents and Settlement Banks in the System;
  • procedure for servicing the Clients of the System;
  • grounds for the occurrence and procedure for the fulfillment of obligations of the Operator, Agent and Settlement Banks in relation to each other and to the Customers;
  • the procedure for settlements;
  • principles of interaction with other international and local payment systems, as well as with systems of interbank interaction;
  • other requirements necessary for the proper functioning of the System.

2.4 The Parties shall accede to the Rules by adopting them as a whole from the moment of signing the Agreement.

2.5 The Rules and tariffs that are part of the Rules are published in the public domain on the Operator's official website on the Internet at www.leskarpay.com. The interpretation of the Rules, as well as any non-contractual obligations arising out of or in connection with them, shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising out of or in connection with the Rules is subject to the exclusive jurisdiction of the Astana International Financial Centre Court (AIFC).

2.6 From the moment of conclusion of the Agreement with the Operator, the Rules become binding on the Bank.

2.7 Banks are responsible for non-compliance with the requirements of the Rules. Failure to comply with the Rules is one of the grounds for terminating cooperation with the Bank.

Chapter 2. Interaction of Agents with Clients 
 
Article 3. Principles of participation and criteria for the selection of System Agents 
3.1. Participation in the System is carried out on the basis of the State Registration Service. 

3.2. The status of an Agent can be obtained by any organizations that, in accordance with the legislation of the state of their incorporation, have the right to transfer money and have concluded a State Registration Service. 

3.3. Agents must meet the following criteria: 
(a) financial: financial stability, determined in accordance with the Operator's methodologies; absence of overdue significant debts on payments to the budget in accordance with the legislation of the country of incorporation; 
(b) technical: compliance of the Agent's technical equipment with the technological requirements of work in the System established by the Operator; 
(c) organizational: the presence of a special unit or an authorized person in the Agent's structure to interact with the Operator; provision of qualified personnel by the Agent; readiness to provide the Operator with periodic reports on work in the System; 
(d) Legal:  
  • availability of legal confirmation of the Agent's status under the legislation of the state of its incorporation;  
  • compliance with AML/CFT requirements established by the legislation of the country of incorporation;  
  • no external influence on the Agent's management bodies;  
  • compliance by the Agent with the Requirements for the protection of personal data; 
  • absence of the Agent in the sanctions lists of the United States (OFAC), Canada, the European Union, the United Nations, the United Kingdom and other jurisdictions in which the Agent operates, as well as the Agent's verification of partners and all participants in transactions for the absence of their indication in the listed sanctions lists; 
  • confirmation of the authority of persons interacting on behalf of the Agent to perform actions within the System. 

3.4. The Operator has the right to establish additional requirements for the Applicant to join the System, including: 
(a) confirmation of compliance with AML/CFT legislation; 
(b) the submission of documents confirming its financial stability and impeccable business reputation; 
(c) undergoing technical integration and testing of systems; 
(d) the availability of licenses and/or permits required to carry out the relevant activities in the Applicant's jurisdiction. 

3.5. The grounds for refusal to join the System may be: 
(a) the Applicant's failure to meet the requirements set by the Operator; 
(b) the Applicant provides incomplete or inaccurate information; 
(c) the existence of risks related to the reputation of the Applicant or its activities that may be detrimental to the System or its participants; 
(d) the existence of circumstances which, in the opinion of the Operator, may impede the proper functioning of the System or its compliance with the requirements of applicable law. 

3.6. In case of refusal to join, the Operator shall send a reasoned refusal to the Applicant. 

3.7. Principles of participation in the System: 
(a) voluntariness. Participation is voluntary; 
(b) security and continuity. Agents are obliged to take measures to ensure the security and uninterrupted functioning of the System within their area of responsibility; 
(c) a single regulatory framework. Participants undertake to comply with the Rules and all internal regulatory documentation of the System, as well as the terms of the GFA; 
(d) Mutual liability. Participants shall be liable for non-performance or improper performance of their obligations under the Rules and the GFA. 

Article 4. Principles of organization and functioning of the System 

4.1. Definition and purpose of the System. 
(a) The System is a set of Agents, Settlement Banks and the Operator interacting in accordance with the Rules, GFA and other documents of the System. 
(b) The purpose of the System is to organize the provision of money transfer services by the Agents, including cross-border ones, based on innovative technologies and methods of service not related to business or investment activities. 

4.2. Participants and organizational structure 
(a) The participants of relations in the System are the Operator, Settlement Banks, Agents, Aggregator and Clients. Each Party, including the Operator, has the right to act as a Sender and/or Executor of the transfer.  
(b) The organizational structure of the System shall include: 
  • Operator; 
  • settlement banks; 
  • Agents; 
  • Customers. 

4.3. Principles of functioning. The functioning of the System is based on the following principles: 
(a) Open architecture. The system provides the ability to connect new Agents and integrate with various technological platforms, subject to compliance with the requirements of the Operator; 
(b) centralized management. The Operator exercises centralized control, ensuring uniform standards and procedures for all Agents; 
(c) manufacturability and safety. The Operator is obliged to ensure the reliability and uninterrupted operation of the System, including the redundancy of infrastructure components and daily data backup. Agents are obliged to take measures to prevent unauthorized entry and transfer of information about Transfers; 
(d) a common regulatory and technical framework. All Agents are required to apply uniform standards, procedures and use software that meets the requirements of the Operator; 
(e) the unconditionality of the Transfer. The unconditionality of the Transfer occurs at the time of crediting money to the Recipient if the data about the Recipient coincide with the data in the presented identity document. 

4.4. Procedure and Restrictions of Transfers. 
(a) Transfers are made in compliance with the applicable laws, including, but not limited to, anti-money laundering (AML/CFT) legislation, currency regulation, sanctions restrictions and in accordance with the requirements of International Payment Systems (VISA, MasterCard and others), as well as Local Payment Systems (Elcart, KortiMilli, UzCard, HUMO and others). 
(b) Information on Transfers is exchanged on a real-time basis. All Electronic Notifications and instructions become valid after their confirmation by the Operator. 
(c) Transfers through the System may be subject to the following restrictions: by purpose, by currency and by amount, established by law and/or the Agreement. 

Article 5. Time regulations for the functioning of the System and the work of Agents with Clients 

5.1. The Operator ensures uninterrupted operation of the System 24/7 (24 hours a day, 7 days a week, including weekends and holidays). 

5.2. Agents of the System are obliged to independently establish a time limit for their work with Customers, including service hours at their service points, and be responsible for its observance. 

5.3. The Operator shall process electronic messages and execute payment instructions of the Agents related to money transfers continuously, around the clock, unless otherwise provided by the Additional Agreements or other documents of the System. 

5.4. It is forbidden to carry out transactions in the System if it contradicts the time regulations for servicing Clients established by the Agent or the legislation of the jurisdiction in which the transaction is carried out. 

5.5. The Operator has the right to establish technical breaks for routine and/or preventive maintenance. The Operator is obliged to notify the Agents of planned technical breaks at least 24 hours before their start. In case of emergency situations that require immediate intervention, notification can be sent as soon as possible after they are identified. 

5.6. The Agent is obliged to ensure the availability of the necessary personnel and technical means to provide services to the Clients in accordance with its established time regulations. 

5.7. The Client has the right to send and receive a money transfer at any time at which the Member's service point is available to the Client. The Operator guarantees the receipt and processing of electronic messages related to such transactions in accordance with the Rules. 

Article 6. Procedure for making money transfers 

6.1. General Provisions 
6.1.1. Money transfers in the System shall be carried out on the basis of the Clients' (Senders') orders using the services of the System Agents, as well as the Operator and/or Aggregators engaged by the Operator in accordance with the Rules. 
6.1.2. Transfers can be made with or without opening a bank account, in cash and/or non-cash form, as well as using payment cards and other payment technologies in accordance with additional agreements. 
6.1.3. When making a transfer, the Sending Agent is obliged to ensure the receipt of all necessary information from the Client-sender, in accordance with the requirements of the law and the internal procedures of the System. 

6.2. Procedure for sending a transfer 
6.2.1. To send a transfer, the Client-sender shall contact the service point of the Participant-sender and provide identity documents and other information necessary for identification. 
6.2.2. The Sending Agent is obliged to check the Client and his representative against the lists provided for by the AML/CFT legislation, for signs of a transfer without voluntary consent or as part of a fraudulent scheme, as well as against other lists available to the Agent. 
6.2.3. The Sending Agent generates an electronic message (payment instruction) in the System containing information about the transfer, including the amount, currency, data of the Sender and the Recipient. 
6.2.4. The System assigns a number to the Transfer to be communicated to the Sender by the Sending Agent in an application or in an SMS. The Sender may independently inform the Recipient of the transfer number, or the System may inform the Recipient about the transfer. Additional fees may apply for SMS. 

6.3. Procedure for issuing a transfer 
6.3.1. The transfer is considered available for delivery to the Recipient from the moment the Contractor receives the relevant electronic message from the Operator. 
6.3.2. To receive the transfer, the Recipient shall contact the Executor's service point, provide identity documents and provide the information necessary to identify the transfer. 
6.3.3. Cash transfer disbursement: 
The Agent verifies the identity of the Recipient and the compliance of his data with the data specified in the electronic message, checks the Recipient against its sanctions lists, AML/CFT lists and for signs of fraud. 
Upon successful verification, the Agent shall issue cash to the Recipient. 
The transfer is considered to be issued from the moment of the actual transfer of money to the Recipient. 
6.3.4. Issuance of a non-cash transfer: 
The Agent or other authorized Agent credits the transfer amount to the account/card specified by the Sender. 
The transfer is considered to be issued from the moment of successful crediting of money to the Recipient's account/card.  
If money is credited to a payment card through the IPS infrastructure (for example, Visa, Mastercard, UnionPay), this operation qualifies as an Original Credit Transaction (OCT) or its equivalent in the relevant IPS. 
The confirmation of crediting received by the Agent from the relevant bank or payment system is the final proof of the fulfillment of the transfer obligation. 
6.3.5. Finality of transfer and responsibility 
The transfer is considered final from the moment of its issuance, that is, from the moment of the actual transfer of cash to the Recipient or from the moment of successful crediting of money to the Recipient's account/card. From that moment on, the transfer is irrevocable. 
The Agent is responsible for the proper and timely crediting of money to the Recipient. In case of non-fulfillment or improper fulfillment of obligations, the Agent is subject to the liability measures provided for by the State Registration Service. 

6.4. Return of the transfer 
6.4.1. The return of the transfer is carried out at the initiative of the Sender until it is issued to the Recipient. 
6.4.2. To return the transfer, the Sender must submit a written application to the Agent-Sender's service point or an electronic application in the form established by the Operator. The application must contain: 
(a) Sender's name and passport details; 
(b) the number of the transfer and the date of the transfer;  
(c) the exact amount and currency of the transfer. 
6.4.3. The return of the transfer to the Sender is carried out by the Sending Agent as soon as possible after receiving the application, provided that the transfer has not yet been issued. The terms of refund may be set by the Operator. 
6.4.4. The transfer fee when returning the transfer to the Sender is not refunded. 

Article 7. Cancellation of a transfer 

7.1. Cancellation is made at the initiative of the Operator or the issuing party, if the transfer cannot be credited/issued to the Recipient for technical reasons. 

7.2. In case of cancellation of the transfer, the transfer fee is returned to the Sender. 

Chapter 3. Tariffs, clearing and settlement 
 
Article 8. Tariffs of the System 

8.1. The Operator independently determines the tariff policy of the Ministry of Traffic and Rescue and unilaterally sets and unilaterally changes the tariffs for the services of the System with the obligatory notification of the Agent in the manner prescribed by the State Registration Service. 

8.2. The cost of the System services is determined in the GFA. 

8.3. The Agent places information about the System's tariffs on its resource and/or in a place easily accessible to Customers at its service point or otherwise informs the Clients about the System's tariffs, as well as requires the Sender to familiarize themselves and agree with them during the transfer process. 

Article 9. Payment clearing and settlement mechanism 

9.1. Clearing 
9.1.1. The Operator performs the functions of clearing mutual monetary claims and liabilities between all Agents and the Settlement Bank of the System based on the results of Money Transfers for a certain period for the entire System as a whole. 
9.1.2. This process involves aggregating and offsetting mutual claims and liabilities between the Agents and the Settlement Bank of the System, determining their net positions (final debit or credit balance after offsetting all mutual claims and liabilities). 
9.1.3. At the end of each operational day, the Operator provides the Agent and the Settlement Bank with the Register, which is an unconditional basis for determining mutual financial obligations and their subsequent settlement. 
9.1.4. The Operator does not carry out and does not participate directly in the final settlement and does not maintain correspondent accounts for Agents for the purpose of making the final settlement. 

9.2. Settlement 
9.2.1. The Settlement Bank shall be responsible for the final and irrevocable settlement of all net liabilities arising from clearing in the System, both for itself and for others operating in the jurisdiction (if any). 
9.2.2. The final settlement of net positions determined by the Operator based on the results of clearing between the System Agents served by the Clearing Bank shall be carried out by the Settlement Bank by direct transfers of money to/from correspondent accounts opened by the Settlement Bank for the Agents, as well as accounts of the Settlement Bank with other financial institutions in other jurisdictions. 
9.2.3. The Participating Bank undertakes to ensure the timely and full fulfillment of its obligations to pay the Agents and receive money from them on their net positions, using correspondent accounts and interbank interaction systems in its jurisdiction, if applicable. 
9.2.4. The Agents authorize the Clearing Bank to initiate direct debiting of money from the Agent's account opened with the Clearing Bank to settle the Agent's obligations to other Agents and to the Operator. 
9.2.5. The Settlement Bank shall regularly notify the Operator of the actual implementation of the Settlement to the Agent in the format and time established by the Operator in the System. 
9.2.6. Principal amounts and payments received in favor of the Settlement Bank within the System shall be credited by the Bank by crediting all amounts and payments payable to the Agents' correspondent account with the Settlement Bank, and payment of payments, Fees for Transfers due from the Agent within the System in favor of the Settlement Bank and the Operator — by direct debiting from the same account. 
9.2.7. The Agent undertakes to timely provide the Clearing Bank, as well as the Clearing Bank to the Agent, financial statements and other information at its request for the purpose of monitoring risks, including liquidity risk and credit risk. 

9.3. Accounting of Transactions and reconciliation of mutual obligations. 
9.3.1. The Operator provides the Consolidated Register to the Settlement Bank on a daily basis, which is the basis for determining financial obligations between the Operator, the Agent and the Settlement Bank. 
9.3.2. The Settlement Bank shall reconcile the transactions carried out for the reporting period (daily on the working days of the Settlement Bank). 
9.3.3. In disputable situations, the Register and the Consolidated Register are unconditional confirmation and written evidence of the existence of mutual claims and obligations of the Agents, the Settlement Bank and the Operator. In the event of disputes between the Participants about the fact and/or amount of payments made, the data of the System are the primary source of such information.  
9.3.4. In case of discrepancies in the data on Money Transfers, the Operator, the Settlement Bank and the Agent shall reconcile and draw up the relevant act within three business days from the date of detection of discrepancies. Until the reconciliation is completed, mutual settlements on disputed transactions are suspended. 

Chapter 4. Security and continuity 
 
Article 10. Risk management in the System 

10.1. The organizational model of risk management used in the System is defined by the Operator as independent risk management in the payment system by the Operator. 

10.2. The Operator shall carry out general risk management in the System in order to ensure the efficiency and uninterrupted functioning of the System in accordance with the requirements of the authorized body for supervision of the financial market of the country of origin (incorporation), taking into account the specifics provided for by the Rules. The risk management system is a set of measures and ways to reduce the likelihood of adverse consequences for the uninterrupted functioning of the System. 

10.3. The Rules establish the general principles of risk and incident management in the System and the responsibilities of the Agents. Detailed procedures, metrics and thresholds (including, but not limited to: incident significance criteria, availability targets, RTO/RPO, external notification procedure, message forms and templates, frequency of testing and independent reviews) are not included in the Rules and are fixed in the Operator's internal documents. The Operator has the right to accept such documents and update them in terms of the Agents' obligations. 

10.4. The risk management system may include the following measures at the discretion of the Operator: 
-  determination of the organizational structure of risk management that ensures control over the Agents' compliance with the risk management requirements established by the Rules; 
-  determination of the functional responsibilities of persons responsible for risk management or the relevant structural units of the Operator; 
-  communication of relevant information about risks to the Operator's management bodies; 
-  determination of indicators of uninterrupted functioning of the System; 
-  determination of the procedure for ensuring the uninterrupted functioning of the System; 
-  determination of risk analysis methods in the System, including risk profiles; 
-  determination of the procedure for the exchange of information necessary for risk management; 
-  determination of the procedure for interaction in controversial, non-standard and emergency situations, including cases of system failures; 
-  determination of the procedure for changing operational and technological means and procedures; 
-  determination of the procedure for assessing the quality of the functioning of operational and technological means, information systems by an independent organization; 
-  determination of the procedure for ensuring the protection of information in the System. 

10.5. Information security risk in the System is managed as one of the types of operational risk, the identification of which is carried out in accordance with the requirements and methods provided for by applicable law. The provisions of this clause shall apply to information infrastructure facilities, the operation and use of which is ensured when making transfers in the System. 

10.6. Risk management methods shall be determined by the Operator taking into account the specifics of the System organization, risk management model, payment clearing and settlement procedures, the number of money transfers and their amounts, and the time of final settlement. 

10.7. The risk management system provides for the following risk management methods: 
-  settlement in the System until the end of the working day; 
- establishment of maximum amounts (limits) of liabilities to financially stable participants with a low level of risk; 
-  automated processing of orders: processing of orders/transactions is carried out automatically based on the technical time of receipt and valid checks of integrity, authorization and anomalies; if non-conformities are detected, postponement, retry or deviation is applied according to the Operator's internal procedures; 
-  rate-limits/velocity: in case of abnormal flows that pose a threat to the availability/stability of the service, the Operator has the right to temporarily throttle processing or partially suspend operations on a particular interface/Agent until the reasons are eliminated with notification of the Agent; 
-  risk-based service parameters: non-discriminatory parameters (thresholds for volumes/frequencies, requirements for confirmations) are applied to Agents, which are established according to the approved methodology and revised based on the results of the risk assessment; 
-  operational mode and service windows: the Operator sets and communicates to the Agents operational windows, maintenance windows and unavailability of specific services; unsuccessful transactions are processed according to internal recovery/repetition procedures without the obligation to execute immediately outside of operational hours; 
-  incident management: the Agent notifies the Operator without undue delay of incidents that may affect the services; the Operator organizes response/recovery and external messages when required by law; 
-  Participants ensure the readiness and cooperation of third parties engaged by them in terms of eliminating incidents and complying with the Rules; upon request, provide information necessary for the Operator to perform regulatory duties; 
- other measures of operational control provided for by the Operator's internal documents communicated to the Agents. 

10.8. Other methods of risk management include the assessment of the Agent by the Operator, in connection with which the Operator has the right, both before the start of the provision of services for the implementation of Transfers and at any time during the term of the Agreement with the Operator, to request information from the Agent for the financial analysis of the activities of the Agent and its affiliates. In the event of adverse changes in the Agent's activities, including payment discipline under the concluded contract, financial position, business processes, products or services, including information about which is received from the official media, the Operator has the right to suspend the Agent's participation in the System and/or require the Agent to provide additional security for the fulfillment of the Agent's obligations.  

10.9. In case of publication of reports on the official website of the Agent or on the website of the supervisory authority, information about this shall be communicated to the System Operator by the Agent.  

10.10. Identification and analysis of risks in the System shall be carried out by the Operator using the following elements of methods based on statistical and scenario analysis of the System functioning and corresponding to the following standards: 
  • analysis, tracking and recording of the parameters of the Agents' work in the System; 
  • accumulation and statistical analysis of information on non-standard, controversial and emergency situations, as well as other events of the System's risk realization;  
  • assessment and retrospective analysis of the monitoring data of the UOPS indicators in order to identify patterns and develop measures to improve the functioning of the System; 
  • analysis and assessment of risk factors affecting the uninterrupted provision of the System's services.  

10.11. Risk analysis methods in the System ensure:  
-  identification and analysis of risks in the System, including the identification of events, the occurrence of which may lead to the occurrence of an incident (hereinafter referred to as the risk events), and the determination for each of the identified risk events of the risk value characterized by the probability of the occurrence of risk events and the value of the possible consequences of their occurrence (hereinafter referred to as the risk level);  
-  determination for each of the identified risks in the System of the level of risk available before the application of risk management methods in the System (hereinafter referred to as the level of inherent risk), as well as the maximum level of risk at which the restoration of the provision of payment services that meet the requirements for the provision of services, including the restoration of the provision of payment services in the event of suspension of their provision, shall be carried out within the periods of time established by the System Operator, and the estimated damage from which the System Operator is ready to accept without applying risk management methods in the System (hereinafter referred to as the level of acceptable risk);  
-  identification of risks in the System for which the level of inherent risk is higher than the level of acceptable risk (hereinafter referred to as the risks significant for the payment system);  
-  determination of the level of each of the risks significant for the System after the application of risk management methods in the System (hereinafter referred to as the residual risk level).  

10.12. The Operator shall compile risk profiles in accordance with the requirements provided for in the regulatory documents of the authorized body for supervision of the financial market of the country of origin (incorporation) and revise (update) them at least once a year.  

10.13. Within the framework of the risk management system, the Operator shall develop a methodology for risk analysis in the System in accordance with the above requirements. Participating banks independently develop their own risk analysis methodology. The effectiveness of the risk analysis methodology is assessed at least once every two years, as well as on the basis of the conclusions of audit companies invited by the Operator as necessary.   

10.14. Communication of information about risks to the Operator's risk management bodies.  
10.14.1. Information on the identified risks shall be immediately provided by the official (structural unit) of the Operator or the Agent responsible for risk management to the executive body and/or the sole executive body of the Operator or the Agent in the form of written reports on the results of inspections of the Operator's or the Agent's activities, containing a detailed description of the nature of the risk, the probable causes of its occurrence and possible consequences. 
10.14.2. Information on the general level of risks of the System shall be brought to the attention of the Operator's Director at least once a year as part of the Consolidated Report by the Operator's official (structural unit) responsible for risk management. 

Article 11. System Continuity

11.1. Indicators of the continuity of the System. 
11.1.1. The UOPS indicators are determined in order to analyze the risk of UOPS violation, describe the risk profile of UOPS violation to make a decision on the need to change (adjust) measures to ensure UOPS, select specific measures necessary to achieve and maintain the acceptable level of risk of UOPS violation and identify the Participant responsible for their implementation.  

11.2.  Ensuring the continuity and management of the continuity of the System. 
11.2.1. The Operator and Agents organize activities to implement the procedure for ensuring the UOPS within the framework of the internal risk management systems of their activities. 
11.2.2. In order to manage the risks of violation of the UOPS in the System, the Operator requests and receives from the Agents the information necessary to manage the risks of violation of the UOPS. The Operator processes, systematizes, accumulates and stores this information. The Operator organizes the collection and processing of information used to calculate the UOPS indicators specified in the Rules (hereinafter referred to as the information on the System). 
11.2.3. Each Agent is individually responsible for non-fulfillment/non-compliance with measures to ensure the UOPS.  
11.2.4. The procedure for information exchange of Agents and documentary support of their activities to ensure the UOPS includes:  
-  a list of documents used by the Agents in the implementation of activities to ensure the UOPS, and the procedure for their compilation;  
-  the procedure for informing the Operator about the events that caused disputable, non-standard and emergency situations, including cases of system failures, the results of the investigation of these events, the analysis of their causes and consequences;  
-  the procedure for informing the Operator about non-fulfillment or improper fulfillment of obligations by the Agents;  
-  the procedure for collecting, documenting and statistical processing of primary information on the functioning of the System.  

11.3. Methods of providing the UOPS by the Operator.  
11.3.1. The Operator provides the UOPS by:  
• performance of functions for independent risk management in accordance with the organizational model of risk management in the System;  
• coordination of the Participants' activities to ensure the UOPS, the conduct of which is determined by the Rules. The Operator directly coordinates the activities of the Participants to ensure the UOPS in the following order:  
• The Rules establish the basic requirements for the activity of Participants to ensure the UOPS and their implementation of risk management system measures. Participants are obliged to implement the established measures within the framework of their own risk management system, guided by, among other things, the requirements of the Rules;  
• establishing the acceptable level of risk of UOPS violation;  
• identification of risk factors for UOPS violation, determination of the degree and nature of the influence of these factors on the UOPS, assessment of the compliance of the risk level of UOPS violation with the maximum permissible level;  
• monitoring of changes in the nature and extent of the impact of risk factors;  
• investigation of events that caused operational failures, analysis of their causes and consequences;  
• assessing the risks inherent in the Operator's activities to ensure the continuity of the System's operations;  
• taking measures to eliminate or minimize the risks of violation of the UOPS; 
• Participants may be subject to penalties provided for by the State Registration Service, use of interim measures, suspension of activities in the System (temporary or permanent) in case of non-compliance with the established level of ensuring continuity;  
• establishment of a procedure for assessing the effectiveness of the risk management system of the payment system in order to improve it;  
• assessment and monitoring of the financial stability of the Agents, factors that carry losses in the financial stability of the Agents, including potential ones that can lead to the loss of financial stability of the Agents in the future;  
• control of compliance with the requirements of the Rules, contractual obligations, compliance with the procedure for providing the UOPS by Agents;  
• conducting regular inspections of Agents for compliance with the conditions for money transfers, the requirements of the Rules; control over compliance with the conditions can be carried out by means of on-site inspections, and by sending a request by the Operator to provide the required information;  
• control over the use of the name and trademarks of the System exclusively within the framework of concluded contracts, agreements and Rules;  
• ensuring the preservation of the functionality of operational and technical means, information systems in case of failures, testing to identify deficiencies, taking measures to eliminate the identified deficiencies;  
• bringing information about the emerging risks of violation of the UOPS to the Operator's management bodies. 

11.4. Ways to provide the UOPS by Agents. 
11.4.1. The provision of the UOPS by Agents is carried out by: 
• assessing the risks inherent in its type of activity to ensure business continuity; 
• taking measures to ensure compliance with the requirements of the System and proper fulfillment of the obligations assumed; 
• informing the Operator about cases of non-provision or improper provision of services provided within the System, and events that caused operational failures, as well as about events that caused controversial, non-standard and emergency situations, including cases of system failures, about their causes and consequences; 
• monitoring compliance with the Rules, agreements and conditions for money transfers; 
• control over the use of the name and trademarks of the System exclusively within the framework of the concluded agreements and the Rules. 

11.5. Procedure for collecting, documenting and statistical processing of primary information on the functioning of the System.  
11.5.1. Agents collect, document and statistically process primary information on the functioning of the System. Primary information on the functioning of the System is collected in the form of electronic reports received from the Operator on a regular basis. 
11.5.2. At the request of the Operator, the Agents shall provide primary information on the functioning of the System in electronic form (or in another format agreed with the Operator).  
These reports are processed by the Payment System Operator and stored in electronic form. Based on the reports, the Operator analyzes the functioning of the System. Based on the results of the analysis, a report is generated with recommendations for improving the functioning of the System.   
11.5.3. Primary information on the functioning of the System includes: 
• information on the time of acceptance for execution, execution of orders to make money transfers of the Agents (including for each Settlement Agent who is the payer or recipient of money);  
• information on the number and amounts of the said orders; 
• other information on the functioning of the System provided for by the Rules.  

11.6.  The procedure for informing the Operator about the events that caused disputable, non-standard and emergency situations.  
11.6.1. Informing the Operator by the Agents about non-fulfillment or improper fulfillment of obligations, non-standard and emergency situations, the results of the investigation of events is carried out by e-mail to the address members_support@leskarpay.com. 
11.6.2. Information on non-fulfillment or improper fulfillment of obligations to make money transfers and other obligations within the System shall be brought to the attention of the Operator as part of reports within the framework of information exchange. 

11.7.  Requirements for the content of activities to ensure the UOPS carried out by the Operator and Agents. 
11.7.1. As part of its activities to manage the risks of violation of the UOPS, the Operator shall carry out: 
• determination of the acceptable level of risks of violation of the UOPS on a regular basis in the context of categories of Agents;  
• analysis of the risks of violation of the MFPS;  
• the procedure for the selection and implementation of measures and methods aimed at achieving or maintaining an acceptable level of risks of violation of the UOPS;  
• monitoring the risks of violation of the UOPS on a regular basis;  
• organization of information interaction between Agents in order to manage the risks of violation of the UOPS;  
• establishment of levels of payment services that characterize the quality of functioning of operational and technological means of the payment infrastructure, which must be provided by the Operator;  
• developing, testing and reviewing action plans aimed at ensuring business continuity and (or) restoring the Operator's activities;  
• development and control of the availability of action plans aimed at ensuring business continuity and (or) restoration of activities at the Operator, testing and revision of these plans;  
• analysis of the effectiveness of measures to restore the provision of payment services that meet the requirements for the provision of services, and the use of the results obtained in risk management in the System; 
• development and inclusion in the action plan aimed at ensuring business continuity and (or) restoration of activities aimed at managing the continuity of the System in the event of incidents related to the suspension of the provision of payment services or violation of the established levels of payment services in the following cases:  
-  the Operator's exceeding the time for restoring the provision of payment services in case of suspension of their provision more than twice within three consecutive months;  
-  violation of the Rules, expressed in the Operator's unilateral refusal to provide services to the Agent (Agents), not related to the suspension (termination) of participation in the System in cases provided for by the Rules. 
The Operator ensures the implementation of the above measures. 

11.8. Requirements for Business Continuity and Recovery Plans of the Operator.  
11.8.1. Business continuity and business resumption plans shall be developed by the Operator independently in accordance with the requirements of the Rules and determine the procedure for the implementation of a set of measures to prevent or timely eliminate the consequences of a possible violation of the Operator's normal functioning caused by unforeseen circumstances, as well as the procedure for reviewing and verifying (testing) the implementation of these Plans.  

11.9. Procedure for interaction of Agents to ensure the UOPS.  
11.9.1. The Operator organizes the interaction of the Agents to ensure the UOPS taking into account the following requirements. The Operator determines the procedure for interaction between Agents in the implementation of measures to manage risks and the continuity of the System, taking into account the organizational model of risk management in the System, determined in accordance with the requirements of applicable laws and the Rules. The procedure for information exchange in the detection of incidents is described in Chapter 18 of the Rules.  
11.9.2. The Operator informs the Agents about the cases and reasons for suspension (termination) of the provision of payment services in the manner prescribed by the Rules. 
11.9.3. The procedure for interaction of Agents within the System in emergency and non-standard situations is discussed in the Rules below.  

11.10. Control over compliance with the procedure for ensuring the UOPS.  
11.10.1. As part of monitoring compliance with the Rules, the Operator shall check the compliance of the Agents with the procedure for ensuring the UOPS, taking into account the following requirements. 
The Operator shall determine the following procedure for monitoring compliance with the UPI and the Participants of the procedure for ensuring the UOPS. 
The Operator controls the compliance of the Agents' documents with the procedure for ensuring the UOPS and, if non-compliance of the documents with the UOPS procedure is detected, sends recommendations to eliminate the identified inconsistencies.  
In case of detection of a violation of the procedure for providing the UOPS by Agents, the Operator: 
-  informs the Agents about the violations revealed in their activities and sets the deadlines for eliminating violations;  
-  verifies the results of the elimination of violations and informs the Agents in whose activities violations have been identified about the results of the inspection.  
11.10.2. The Operator determines the responsibility of the Agents for non-compliance with the procedure for ensuring the UOPS.  

11.11. Procedure for changing operational and technological means and procedures.  
11.11.1. The Operator has the right to change operational and technological means and procedures in the following cases:  
• changes in the procedure for the provision of services or the type of money transfer services;  
• in cases provided for by the applicable legislation and regulatory documents and/or recommendations of the authorized body for supervision of the financial market;  
• within the framework of the risk management system;  
• as a result of assessing the quality of the functioning of operational and technological means, information systems by an independent organization.  
11.11.2. In the event that a change in operational and technological means and procedures by the Operator requires amendments to the Rules, the Operator shall make the appropriate changes in the manner provided for by the Rules. In the event that the change in operational and technological means and procedures by the Operator does not require amendments to the Rules, the Operator shall send to the Agents a notification of changes in operational and technological means and procedures with a description of such changes no later than 30 (thirty) calendar days before the date of entry into force of the relevant changes.  
11.11.3. The Agent has the right to independently make changes to the operational and technological means and procedures for interaction with the System on the Agent's side if such changes do not contradict the Rules, applicable legislation and do not lead to a change in the procedure for the provision of money transfer services provided for by the Rules, as well as to the volume and nature of their provision by the Agent. 

11.12. Procedure for assessing the quality of functioning of operational and technological facilities, information systems by an independent organization.  
11.12.1. As a result of the assessment of the quality of functioning of the operational and technological means and information systems of the System by an independent organization, the Operator has the right to make a decision to change the operational and technological means and procedures of the System in the manner prescribed by the Rules.  
11.12.2. The Agents have the right, at their own discretion and at their own expense, to assess the quality of functioning of operational and technological means and information systems on the side of the Agents with the involvement of independent organizations. The procedure for such assessment is determined by the Operator's internal documents. At the same time, the engaging party undertakes to sign a non-disclosure agreement with the engaged independent organization. 

Article 12. Ensuring the protection of information in the System 

12.1. General provisions on the protection of information in the System.  
12.1.1. The Rules establish general requirements for the protection of information processed by the System Participants subject to mandatory protection in accordance with the applicable legislation (legislation of the country of incorporation), as well as protection in accordance with the Rules.  
12.1.2. Information protection is ensured by the implementation by the System Members of legal, organizational and technical measures aimed at:  
  • compliance with the confidentiality of information;  
  • exercising the right of access to information in accordance with applicable law;  
  • ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision and distribution, as well as from other illegal actions in relation to information.  
12.1.3. Each Member of the System independently determines the procedure for ensuring information protection in accordance with the applicable legislation and the Rules and approves internal documents establishing specific requirements for information protection and the procedure for their implementation. In the event that the requirements of the Rules contradict the requirements of the applicable legislation, the provisions of the applicable legislation shall be used. 
12.1.4. To carry out work on information protection and control (assessment) of compliance with information protection requirements, the System Participants may engage on a contractual basis organizations that have licenses for activities for the technical protection of confidential information and (or) for activities for the development and production of confidential information protection tools.  
12.1.5. The System Participants shall ensure that third parties involved in the provision of money transfer services comply with the requirements for ensuring information security, taking into account the list of operations performed by them and the automated systems, software, computer and telecommunication equipment used.  
12.1.6. Participants are obliged to review the current procedure for ensuring information protection when making money transfers in connection with changes in the requirements for information protection determined by the legislative acts of the country of origin (incorporation), the Rules, changes in the requirements established in the Rules (for foreign Participants in accordance with applicable law) for information protection, identification of shortcomings in monitoring the implementation of the procedure for ensuring information protection, within the time limits specified in the regulatory documents.  
12.1.7. In order to ensure the protection of information in the System, the System Operator shall:  
  • develop a list of requirements for ensuring the protection of information in the System, mandatory for all Members of the System;  
  • check the System Members for compliance with the requirements when joining the System Rules in the role defined by the System Rules, as well as when changing the technological or organizational conditions of the System Participant's work in the System;  
  • check the System Members in terms of compliance with the requirements for information protection in the System.  

12.2. Information protected in the System.  
12.2.1. The requirements for ensuring the protection of information established by the Rules when making money transfers are applied to ensure the protection of the following information (hereinafter referred to as protected information):  
  • information on money transfers made, including information contained in notices (confirmations) regarding the acceptance of orders of the System Members for execution, as well as in notices (confirmations) regarding the execution of orders of the System Participants;  
  • information on cash balances in bank accounts;  
  • information contained in clients' money transfer orders, System Agents' orders;  
  • information about money transfers made using payment cards;  
  • information on payment clearing positions;  
  • information necessary for customers to certify the right to dispose of money;  
  • information on the configuration that determines the parameters of the operation of automated systems, software, computer facilities, telecommunication equipment, the operation of which is provided by the money transfer operator and used to carry out money transfers, as well as information on the configuration that determines the parameters of the operation of technical means for information protection;  
  • key information of cryptographic information protection tools used in money transfers;  
  • restricted information, including personal data and other information subject to mandatory protection in accordance with applicable law, processed when making money transfers.  

12.3. Requirements for ensuring information security.  
12.3.1. The requirements define the basic principles of information protection and are aimed at minimizing the risks of information security breaches.  
12.3.2. Compliance with the Requirements when making money transfers is ensured by:  
-  selection of organizational measures for information protection; determination in internal documents of the procedure for the application of organizational measures of information protection; determination of persons responsible for the application of organizational measures of information protection; the application of organizational protection measures;  
-  implementation of control over the application of organizational measures for information protection; performing other necessary actions related to the application of organizational measures for information protection;  
-  selection of technical means of information protection; determination in internal documents of the procedure for the use of information security equipment, including configuration information that determines the parameters of operation of information security equipment;  
-  appointment of persons responsible for the use of technical means of information protection; use of technical means of information protection; implementation of control over the use of technical means of information protection; performing other necessary actions related to the use of technical means of information protection.  
12.3.3. Participants of the System are obliged to ensure the protection of information when making money transfers in accordance with the requirements of the legislation of the country of origin (incorporation).  
12.3.4. The requirements for ensuring the protection of information when making transfers are applied to protect the information specified in paragraph 12.2.1. of the Rules, as well as restricted information defined in the internal documents of the Operator and other Participants, processed when the Participants interact in the System.  
12.3.5. Each Member of the System shall ensure compliance with the Requirements for ensuring information security, taking into account the list of operations performed by the Member of the System, and the automated systems, software, computer equipment, telecommunications equipment used, the operation of which is provided by the Member of the System. 

12.4. Procedure for ensuring information protection in the System. 
12.4.1. In order to ensure the protection of information in the System during storage, processing, exchange of protected information, the System Members shall ensure the implementation, including, but not limited to, the following measures:  
  • compliance with organizational measures for information protection;  
  • support for the vulnerability management program;  
  • creation and maintenance of a secure network infrastructure;  
  • monitoring of network infrastructure;  
  • implementation and maintenance of measures to control access to protected information;  
  • other measures aimed at improving the protection of information.  
12.4.2. As part of the creation and maintenance of a secure network infrastructure, the Participants provide support for the configuration of firewalls for data protection, ensuring the analysis of information passing through them, as well as ensuring the restriction of direct access from the outside to the components of the System containing protected information.  
12.4.3. The use of passwords and other default security parameters set by the software manufacturer is not allowed.  
12.4.4. As part of the implementation of measures to support the vulnerability management program, the Participants are obliged to comply with the requirements established by the Rules for ensuring the protection of information from the effects of malicious codes, to ensure that all components of the System involved in the storage, processing and exchange of protected information use only the latest versions of software developed to counteract external or internal exploitation of vulnerabilities.  
12.4.5. As part of the implementation of measures to implement and maintain measures to control access to protected information, the System Participants shall ensure the restriction of access and registration of persons who have access to protected information, including the following:  
-  access to protected information only to those persons who need such access to perform the functions assigned to them;   
-  providing access to each employee using a unique name, account, password and/or digital signature verification key to access protected information;  
-  restriction of access to material media containing protected information, strict control over their storage;  
-  immediate revocation of access when the person's authority to access the protected information is terminated.  
12.4.6. As part of the implementation of measures to monitor the network infrastructure, the System Participants must control access to network resources and protected information, for which they organize monitoring of events related to access to network resources, record user actions necessary for the investigation and analysis of the causes of incidents, ensure the storage of event logs for at least one year, and in operational access for at least three months, provide scheduled and unscheduled (when changes are made) checks of systems, processes and software to maintain their security at the proper level.  
12.4.7. When using the Internet to make money transfers, the System Agents ensure:  
-  application of organizational measures of information protection and (or) use of technical means of information protection designed to prevent access to the content of protected information transmitted over the Internet; unauthorized access to protected information at information infrastructure facilities using the Internet; unauthorized access to protected information by exploiting software vulnerabilities;  
-  reducing the severity of the consequences of impacts on information infrastructure facilities that are intended to make it impossible to provide money transfer services or to cause untimely money transfers; 
-  filtering of network packets during information exchange between computer networks in which information infrastructure facilities are located and the Internet.  
12.4.8. Access to the Software is carried out using personalized accounts. Passwords for accounts must comply with the internal requirements of the Agents, while the following must be ensured:  
a) use of at least 12 characters in the password (must contain: capital and uppercase letters, numbers, special characters); 
b) the minimum password validity period is 15 minutes; 
c) the frequency of password change at least once every 60 days with a ban on the use of any of the 7 previous passwords; 
d) in case of two-factor authentication, the validity period of passwords can be extended, by agreement of the parties, up to one year; 
e) password protection during storage and in the process of operation. 
12.4.9. Agents of the System are prohibited from using non-personal accounts and administrative accounts to create transfers in the System. Passwords for administrative accounts must be changed from the standard and meet the following requirements:  
a) use of at least 14 characters in the password (must contain: capital and uppercase letters, numbers, special characters);  
b) frequency of password change at least once every 30 calendar days with a ban on the use of any of the previous passwords; 
c) in case of two-factor authentication, the validity period of passwords can be extended, by agreement of the parties, up to one year; 
d) protection of the password during storage and in the process of operation.  
12.4.10. Agents ensure the participation of persons responsible for ensuring information security in the System in the development and approval of technical specifications for the creation (modernization) of information infrastructure facilities.  
12.4.11. Agents of the System ensure the implementation of the prohibition of the use of protected information at the stage of creation of information infrastructure facilities.  
12.4.12. At the stages of operation and decommissioning of information infrastructure facilities, the System agents ensure:  
a)  implementation of the prohibition of unauthorized copying of protected information;  
b)  protection of backups of protected information;  
c)  destruction of protected information in cases when the specified information is no longer used, with the exception of protected information moved to archives, the maintenance and preservation of which are provided for by the requirements of the applicable legislation and the Rules;  
d)  destruction of protected information, including information contained in archives, in a way that ensures the impossibility of its restoration.  
12.4.13. Agents of the System provide the possibility for the client to suspend (block) the acceptance for execution of orders to make money transfers on behalf of the specified client.  
12.4.14. Agents of the System shall ensure accounting and control of the composition of the software installed and (or) used on computer equipment.  
12.4.15. Agents of the System develop and apply organizational measures for information protection, which shall include, among other things:  
  • the presence of an information security policy;  
  • identification of persons responsible for ensuring information security;  
  • availability of the necessary documentation and regulations for the operation of software and hardware;  
  • the procedure for the use of technical means of information protection, including information on the configuration of technical means of information protection, determining the parameters of their operation;  
  • procedures for monitoring the actions of users of information systems;  
  • procedures for managing changes in automated information systems;  
  • the procedure for accounting, use and storage of documents and information carriers;  
  • organization and procedure for archiving and backing up information;  
  • procedure for action in abnormal (emergency) situations;  
  • procedures for granting and distributing user rights;  
  • activities to raise user awareness in the field of information security.  
12.4.16. The procedure for applying organizational measures to protect information is determined by the internal regulations of the Agents.  
12.4.17. The composition of technical means of information protection shall be formed by the System Participants based on the approved threat model in accordance with the identified current threats, and shall include (but not limited to) the following means:  
  • identification and authentication;  
  • physical access control;  
  • intrusion detection;  
  • security control (analysis);  
  • delineation of user powers;  
  • protection against unauthorized access;  
  • ensuring the integrity of information;  
  • cryptographic protection of information;  
  • anti-virus and spam protection;  
  • firewall and traffic filtering;  
  • logging of user actions.  
12.4.18. When operating information infrastructure facilities, the System Participants shall ensure:  
  • protection of electronic messages from distortion, falsification, redirection, unauthorized familiarization and (or) destruction, false authorization;  
  • control (monitoring) of compliance with the established technology for the preparation, processing, transmission and storage of electronic messages and protected information at information infrastructure facilities;  
  • authentication of incoming electronic messages;  
  • mutual (two-way) authentication of participants in the exchange of electronic messages;  
  • restoration of information on cash balances on bank accounts, information on electronic money balances and data of payment card holders in case of deliberate (accidental) destruction (distortion) or failure of computer equipment;  
  • reconciliation of output electronic messages with the corresponding input and processed electronic messages when making settlements in the System;  
  • detection of falsified electronic messages, including imitation by third parties of customer actions when using electronic means of payment, and the performance of transactions related to money transfers by an intruder on behalf of an authorized client (substitution of an authorized client) after the authorization procedure has been completed.  
12.4.19. To the extent not established in the Rules, the System Participants, guided by the applicable legislation, independently determine the procedure for ensuring information protection when performing their functions in the System when making money transfers, including determining the composition and procedure for the application of organizational information protection measures, the composition and procedure for the use of information security equipment, including information on the configuration of information security equipment, determining the parameters of their work, the procedure for registration and storage of information on paper and (or) in electronic form, containing confirmation of the implementation of the procedure for the application of organizational measures for information protection and the use of technical means of information protection.  
12.4.20. In order to ensure the protection of information in the System, the System Participants are obliged to:  
  • comply with applicable laws, requirements and other regulatory authorities aimed at preventing money transfers without the consent of customers. 
  • upon receipt from the Operator of the notification provided for in clause 18.6. of the Rules, immediately on the day of receipt of the notification, request from the Client confirmation of the resumption of the execution of the money transfer order. Based on the results of interaction with the Client, immediately inform the Operator about the resumption of the transfer execution or withdraw the transfer. 
  • comply with the requirements of the System Operator to ensure information security;  
  • identify incidents related to violations of information security requirements and promptly respond to them;  
  • inform the System Operator about cases of information security violations and measures taken to eliminate them;  
  • upon receipt of a request from the System Operator to eliminate violations, eliminate all violations within a period of no more than 30 (thirty) days and notify the System Operator of the fulfillment of the requirements;  
  • carry out measures aimed at identifying threats to information security, and take measures to prevent the identified threats;  
  • analyze the vulnerabilities of information systems, monitor the applicable legislation in the field of information protection and take measures to improve the methods and means of information protection.  
  • use the information identified by the Operator on technical data describing computer attacks aimed at the objects of the information infrastructure of the Operator and (or) its customers in relation to its infrastructure in order to prevent money transfers. 
  • inform the Operator of the contact details of the department/person responsible for countering money transfers. 
12.4.21. The System Operator performs the following additional functions to ensure the protection of information in the System:  
  • creates a system for identifying and monitoring money transfers in the payment system based on information about transfers;  
  • provides access to the System Agents to the system for detecting and monitoring money transfers in the payment system in order to identify and monitor money transfers; 
  • informs the Agents about the detection of incidents in the payment system related to violations of the requirements for ensuring the protection of information when making money transfers, by posting information on the official website on the Internet www.leskarpay.com;
  • ensures confidentiality, integrity, authenticity and availability of information about all Agents of the System at all stages of its processing and transmission;  
  • performs procedures for the secure distribution of cryptographic keys used in the processing and transfer of information between the System Agents;  
  • ensures the use of electronic signatures for incoming and outgoing electronic documents;  
  • controls the exchange of authorization and clearing messages in order to timely identify security threats in the System and individual System Participants;  
  • informs the System Participants about threats to the security of the System and proposes measures to prevent these threats.  
12.4.22. The system for identifying and monitoring the Client's money transfers is based on specialized anti-fraud solutions that are implemented by the Agent and the processing center of the payment system. These solutions contain a set of rules on the basis of which the decision to block the Transfer is made. The rules take into account the peculiarities of the Client's behavior, the geography of his operation, the boundary conditions (limits) for transactions, data on the device from which the operation is carried out, the time intervals of the operation and other criteria. The rules are formed by the developer of the anti-fraud solution and/or the Operator. Also, information from the database about attempts to transfer money without the client's consent is uploaded to anti-fraud systems. 
12.4.23. In case of blocking of a transfer, depending on the specific system, the responsible persons of the Agent and the Operator are immediately sent a corresponding notification. Transfer systems provide for obtaining additional confirmation from the initiator of the transfer, on the basis of which a decision is made to cancel the stopped transfer. 
12.4.24. In case of detection of a money transfer without the Client's consent by the System Agent, the latter cancels this transfer by means of the transfer system or informs the responsible person of the Operator about such transfer using contact information (e-mail address and/or phone number) provided by the Operator to the Participant. 
12.4.25. Agents of the System are obliged to improve methods, procedures, hardware and software, to ensure compliance with the requirements in the field of information protection imposed by the applicable legislation of the authorized executive authorities, and the Rules, taking into account the changing and improving threats to information protection when making money transfers.  
12.4.26. Agents of the System are obliged to have a structural unit or appoint a responsible person (employee) responsible for organizing and monitoring information protection in the System in accordance with the requirements of applicable legislation governing this area of activity (hereinafter referred to as the Structural Unit for Information Protection). The responsible person is endowed with the necessary powers and provided with the necessary resources to ensure information security. The Agent notifies the Operator about the responsible employee, his contact details, including full name, phone number and e-mail by an official letter. In the same letter, the Agent notifies the Operator of the external IP addresses used by the Operator to connect to the Software. In case of a change in the responsible employee or a change in the list of IP addresses, the Agent is obliged to notify the Operator no later than 7 days in advance.  
12.4.27. The structural unit for information protection shall be vested with the necessary powers and provided with the necessary resources to ensure the protection of information.  
12.4.28. Structural subdivision for information protection and structural subdivision for informatization (automation) shall not have a common head.  
12.4.29. The structural unit for information protection carries out planning and control of ensuring the protection of information when making money transfers, for which it is vested with the following powers:  
  • to control (monitor) the implementation of the procedure for ensuring the protection of information when making money transfers;  
  • determine the requirements for technical means of information protection and organizational measures of information protection;  
  • monitor the compliance of the System Agent's employees with the requirements for ensuring the protection of information when making money transfers;  
  • participate in the investigation of incidents related to violation of the requirements for ensuring the protection of information during money transfers, and propose the application of disciplinary sanctions, as well as send proposals for improving information protection methods;  
  • participate in actions related to the implementation of the requirements for ensuring the protection of information during money transfers, used when restoring the provision of payment system services after failures in the operation of information infrastructure facilities.  
12.4.30. Agents of the System shall ensure the registration of persons who have the rights to:  
a)  form electronic messages containing instructions for money transfers (hereinafter referred to as electronic messages);  
b)  access protected information;  
c)  manage cryptographic keys;  
d)  affect information infrastructure facilities in a way that may lead to a disruption in the provision of money transfer services.  
12.4.31. Agents of the System shall ensure the implementation of the prohibition of one person to perform the following roles at one time:  
a)  roles related to the creation (modernization) of an information infrastructure facility and the operation of an information infrastructure facility;  
b)  roles related to the operation of the information infrastructure facility in terms of its intended use and the operation of the information infrastructure facility in terms of its maintenance and repair.  
12.4.32. Agents of the System are obliged to ensure that their employees are informed about the possible risks of obtaining unauthorized access to protected information for the purpose of money transfers by persons who do not have the right to dispose of this money, and recommended measures to reduce them.  
12.4.33. Failure to comply with the requirements for the protection of information received by the Agent in connection with the performance of the functions assigned to him in accordance with the Rules, which led to the illegal disclosure/compromise of the specified information, is a material violation of the Rules and the basis for the Operator to take enforcement measures provided for by the Rules.  
12.4.34. In case of detection of violations, the System Operator has the right to send a request to the System Agent to eliminate violations, and in case of repeated violation of information protection requirements within the last 12 (twelve) months or inaction, to take measures up to the suspension/termination of the Agent's activities in the System. If such violation of information protection requirements endangers the security of other System Agents, the System Operator shall have the right to suspend the Agent's activities in the System without prior notice until such violations are eliminated or to terminate its activities within the System. 
12.4.35. At the request of the Operator, but at least once every two years, the System agents shall send information to the Operator for the purpose of analyzing the provision of information protection in the payment system when making money transfers. 
12.4.36. Within the framework of the risk management system in the System, the Operator shall additionally determine the procedure for ensuring the protection of information in the System for money transfer operators who are Agents (hereinafter referred to as the requirements for ensuring the protection of information in the System). The requirements for ensuring the protection of information in the System are determined in relation to the following activities that the Agents are obliged to perform:  
-  management of information security risk (hereinafter referred to as IS as a System Agent) as one of the types of operational risk; 
-  establishment of the composition of indicators of the level of information security risk in the System (the System Operator recommends setting at least two indicators: the number of incidents of information security violation and the amount of losses from information security risk incidents); 
-  implementation of processes for detecting and identifying information security risk in the System in relation to the information infrastructure facilities of the System participants involved in the operation in the System, including but not limited to the following methods (if applicable): 
   -  analysis of the database of operational risk events, including IS risk events (hereinafter referred to as the Event Database); 
   -  conducting an annual self-assessment of the level of operational risk, including information security risk, and forms (methods) of control aimed at reducing its level, based on formalized questionnaires;  
   -  analysis of the dynamics of quantitative indicators aimed at measuring and controlling the level of operational risk, including information security risk, at a certain point in time (key risk indicators);   
   -  analysis of information of the organization's employees obtained as part of the initiative informing the Risk Management Service and (or) the Internal Audit Service by the organization's employees;  
   -  analysis of other external and internal sources of information and methods of identifying risks.  
The results of the IS risk identification procedure are used to carry out procedures for qualitative assessment of the level of IS risk and correct accounting of the relationship between the identified IS risk and risk events.  
The processes of detecting and identifying information security risks should be aimed at identifying events, actions, conditions that may affect information systems and business processes that implement payment services within the System, as well as determining possible consequences, analyzing the causes and sources of information security risk events.  
Identification and analysis of information security risk in the System includes the identification of risk sources and events, the occurrence of which may lead to the occurrence of an incident (risk event), and the determination of the risk value for each of the identified risk events, characterized by the probability of the occurrence of risk events and the value of possible consequences of their occurrence; analysis of penetration capabilities, when testing each area, the process of responding to information security incidents and the ability to restore performance, in case of possible compromise of the security of IT systems, is assessed; use of specialized software to identify software and hardware vulnerabilities; continuous monitoring of information security events;  
Implementation of processes for responding to information security incidents and restoring the normal functioning of information infrastructure facilities in the event of information security incidents. Restoration of the normal functioning of information infrastructure facilities in the event of information security incidents is a sequence of actions developed in accordance with an approved internal document and directly depends on the specifics of the information system and the causes of the incident (for example, the method of attack used).  
The main objectives of the incident response process are:  
-  to prevent or minimize the consequences of an incident while maintaining business continuity within the System;  
-  to ensure effective and timely restoration of operability (normal functioning) of information resources;  
-  to increase the level of information security in the organization and the efficiency of incident management;  
-  to implement interaction in the exchange of information on information security incidents.  
Work on the development, certification and (or) conformity assessment in relation to the application software of automated systems and applications, including payment applications provided by payment application providers to customers of money transfer operators who are Agents of the System, shall be carried out taking into account the requirements of applicable law.  
12.4.37. Procedure, forms and terms of informing System Agents about incidents identified in the System related to violations of information security requirements when making money transfers, and procedure for interaction in case of detection of the above incidents in the System. Incidents in the field of information protection include events related to violation of the requirements for ensuring the protection of information when making money transfers, which have led or may lead to money transfers without the consent of the client or to failure to provide money transfer services.  
The System Operator shall establish appropriate requirements for the content, form and frequency of submission of information sent by the Agents for the purpose of analyzing the provision of information protection in the System when making money transfers, as well as for the purpose of interaction in case of detection of incidents in the field of information protection (information is provided only in relation to activities within the System):  

| Content | Form | Periodicity |
|---|---|---|
| 1) on the implementation of requirements for ensuring information protection, including results of the Conformity Assessments | Official letter and/or an e-mail survey form carried out by the System Operator | At the request of the System Operator, 1 time every two years |
| 2) on the implementation of the procedure for information protection | Official letter and/or an e-mail survey form carried out by the System Operator | At the request of the System Operator, 1 time every two years |
| 3) on the identified threats and vulnerabilities in the provision of information protection | Online; in part of unauthorized transactions without the client's consent: message by e-mail, call | Upon detection |
| 4) on the identified incidents related to violations of the requirements for information protection | Online; in part of unauthorized transactions without the client's consent: message by e-mail, call | Upon detection |
| 5) on the applied CIPT | Official letter | No later than 10 (ten) working days from the start of the use of CIPT or changes in the CIPT, or at the request of the Operator |

12.4.38. The System Operator shall determine the following requirements for interaction in case of detection of incidents related to violations of the requirements for ensuring information protection when making money transfers within the System:  

1. Incident: upon detection of incidents.

Actions of the Agent, UPI Operator. Ensuring:
-  informing its own information services on the detection of incidents;
-  registration of identified incidents;
-  application of organizational measures for information protection, and (or) the use of technical means of information security, designed to identify incidents;
-  responding to identified incidents, including appeals to law enforcement agencies in case of detection of transfer of money by order of persons who do not have the right to dispose of this money;
-  analysis of the causes of identified incidents, assessing the results of incident response;
-  informing the System Operator of the identified incidents in an operational manner, in the form of a monthly report;
-  implementation of the restoration of normal functioning of information infrastructure facilities.

Operator's actions. Takes the actions that are possible and available in the circumstances for:
-  minimizing the consequences of identified incidents;
-  preventing the possibility of the Recipients using money upon detection of money transfers by order of persons who do not have the right to dispose of this money (if necessary, the System Operator contacts the Agents using the specified contacts; decides whether it is necessary to block Agents in the System, to cancel or block transfers, to suspend settlements, and makes other decisions);
-  verification of compliance with information protection requirements on the part of the System Operator and compliance with requirements for processing transfers;
-  informing the Agent about the results of the actions.
The System Operator shall analyze the information received in order to ensure information protection in the System, formulate, if necessary, recommendations for improving information security, and also make changes to the information protection requirements based on the analysis.

2. Incident: upon detection of the fact of compromise of key information of cryptographic data protection used in transfers of funds.

Actions of the Agent, UPI Operator: informing the System Operator through channels

Operator's actions: blocks the Agent's ability to make transfers in the System.

3. Incident: upon detection of malicious code or of the fact of the impact of malicious code.

Actions of the Agent, UPI Operator:
-  ensure that measures are taken to prevent the distribution of malicious code and to remediate its impact;
-  if necessary, suspend the implementation of money transfers for the period of elimination of the consequences of malicious code infection, as well as the consequences of other impacts;
-  provide prompt informing of the System Operator at info@leskarpay.com.

Operator's actions:
-  after receiving a message from the Agent, temporarily suspends the Agent's work in the System; suspends settlements, also temporarily suspending the Agent's work in making settlements;
-  in case of problems in the functioning of the System, carries out mailing through the agreed communication channels;
-  in the event of malicious code or exposure to malicious code within the System, the Operator shall inform Agents through the agreed communication channels.


The Operator shall ensure the accounting of, and availability to the System Agents of, information:  
■  on incidents identified by the Operator related to violations of the requirements for ensuring the protection of information during money transfers;  
■  information is sent through the agreed communication channels on a monthly basis when there are incidents; the absence of sent information is recognized as the absence of incidents;  
■  on the methods of analysis and response of the Operator to incidents related to violations of the requirements for ensuring the protection of information during money transfers. The analysis methodology consists of the collection and generalization of information and the analysis of information on the causes of incidents for compliance with the requirements of applicable legislation and the Rules. Incident response techniques are described in Section 14.4.37. of the Rules.  
Based on the accumulation and accounting of experience in responding to information security incidents and restoring the functioning of the System after they occur, in order to reduce the IS risk, the System Operator implements improvement mechanisms in terms of ensuring accounting and availability for money transfer operators that are Agents of information on:  
-  information security incidents identified in the payment system;  
-  methods for analyzing and responding to information security incidents.  
12.4.39. For System Agents, the application of paragraph 14.4.35. of the Rules is possible by agreement of the parties, otherwise the Agents act in accordance with applicable law. 
12.4.40. In case of non-compliance of the System Agent with the indicators of the level of information security risk, negotiations are held with this Agent in order to develop an action plan to bring the Agent's activities in line with the established requirements.  
12.4.41. Restrictions established in accordance with paragraph 12.4.35. of the Rules are removed if the System Agent submits a report on the elimination of the identified deficiencies. The System Operator shall have the right to require the System Agent to conduct an extraordinary audit with the involvement of a third-party organization for compliance with the information protection requirements. 

Article 13. Use of CIPT

13.1. The Rules, as well as agreements concluded between the System Agents, use CIPT or software and hardware containing cryptographic information protection modules to protect information.  

13.2.  In the event that the Rules do not impose special requirements on the choice of the CIPT to be used, the choice shall be made by agreement of the parties to the electronic exchange.  

13.3.  To carry out work related to the CIPT, the System Agents may engage on a contractual basis organizations that have licenses for the relevant types of activities. 

13.4. Work to ensure information protection with the help of CIPT is carried out in accordance with the applicable legislation and technical documentation for the CIPT.  

13.5. The System uses electronic signature tools that implement cryptographic algorithms:  
-  electronic signature: RSA (key length of at least 2048 bits);  
-  encryption: AES-256-GCM.  

13.6.  The internal documents of the System Agents shall define and implement the procedure for the use of the CIPT, including:  
-  the procedure for putting the CIPT into operation, including the procedures for embedding CIPT into automated systems used for money transfers;  
-  the procedure for the operation of the CIPT;  
-  the procedure for restoring the CIPT operability in case of malfunctions and (or) failures in their operation;  
-  the procedure for making changes to the CIPT software and technical documentation for the CIPT;  
-  the procedure for decommissioning the CIPT;  
-  the procedure for managing the key system;  
-  the procedure for handling cryptographic key carriers, including the procedure for the application of organizational measures to protect information and the use of technical means of information protection designed to prevent unauthorized use of cryptographic keys, and the procedure for actions in case of change and compromise of keys.  

13.7.  The security of the cryptographic key production processes of the CIPT is ensured by a set of technological measures for information protection, organizational measures for information protection and technical means of information protection in accordance with the technical documentation for the CIPT.  

13.8.  Electronic signature certificates used in electronic document management and requested by Agents by official letters addressed to the Director of the Operator have a validity period of 1 (One) year. Two weeks before the expiration of the specified certificates, the Agent initiates the process of changing certificates by sending the specified official letter to the Operator.   

Article 14. Requirements for protecting information from malicious code

14.1.  In order to reduce possible losses from the impact of malicious code by preventing its penetration and distribution, as well as by timely destruction of malicious code, Agents ensure compliance with the following requirements:  
  • use of technical means of information protection designed to detect malicious code and to prevent the impact of malicious code on information infrastructure facilities (hereinafter referred to as technical means of information protection from the impact of malicious code) on computer equipment; 
  • regular updating of versions of technical means of information protection against the effects of malicious code and databases used in the operation of technical means of information protection against the impact of malicious code and containing a description of malicious codes and methods of their neutralization;  
  • formation of recommendations for Clients to protect information from the effects of malicious code;  
  • use of anti-virus software from different manufacturers and their separate installation on personal electronic computers and servers used to perform Transactions, as well as on firewalls involved in the performance of Operations, if technically possible;  
  • the operation of technical means of protecting information from the impact of malicious code in automatic mode, if technically possible.  

14.2.  The Operator and the Settlement Bank shall ensure the use of technical means to protect information from the effects of malicious code of various manufacturers and their separate installation on personal electronic computers and servers used for money transfers, as well as on firewalls involved in money transfers, if technically possible.  

14.3.  If technically possible, the Operator and the Settlement Bank shall ensure the performance of:  
  • preliminary check of software being installed or modified on computer equipment for the absence of malicious code;  
  • checking computer equipment for the absence of malicious code after installing or changing the software.  

14.4.  In the event of detection of malicious code or the fact of the impact of malicious code, the System Agent that detected the malicious code shall ensure that measures are taken to prevent the spread of malicious code and eliminate the consequences of the impact of malicious code. Agents, if necessary, suspend money transfers for the period of elimination of the consequences of infection with malicious code. In case of detection of malicious code or the fact of exposure to malicious code, the Agents shall immediately inform the Operator, who shall ensure that the other Agents of the System are informed about it by all available means: by telephone, fax and other available means, with the exception of electronic means of interaction (e-mail, etc.), which in this case may be a channel for the distribution of malicious code.  

14.5.  If the Agent detects the penetration of malicious code into the computer equipment involved in the electronic information exchange between the System Agents, it shall immediately terminate the electronic information exchange with other Agents and inform the Agents and the Operator about the situation through any of the available communication channels, including by telephone and fax, including information about the events that, in its opinion, caused the specified event, and about its causes and consequences, after which it takes the response measures provided for by local acts for events of this type.  

14.6.  The Agent shall inform the parties to the information exchange in electronic form about the resumption of the specified type of information exchange after the restoration of the normal functioning of the computer equipment used.  

14.7. Agents ensure the use of technical means of information protection designed to detect malicious code and to prevent the impact of malicious code on information infrastructure facilities, on computer equipment, if technically possible; regular updating of versions of technical means of information protection against the effects of malicious code and databases used in the operation of technical means of information protection against the impact of malicious code and containing a description of malicious codes and methods of their neutralization. 

14.8. Agents ensure mandatory patch management. The installation time for patches, by criticality, is: Critical – no more than 7 days; High – no more than 14 days; Medium – no more than 21 days. 

Article 15. Information interaction in the detection of incidents related to violations of the requirements for ensuring the protection of information during money transfers

15.1.  In case of detection of incidents in the System related to violations of the requirements for ensuring the protection of information during money transfers, the Agent shall take measures to mitigate the negative consequences caused by the violation of the requirements and inform the Operator, in whose functional area of responsibility the area of the incident is located, in the manner and within the terms determined in the procedure for interaction within the System in emergency and non-standard situations. The Agent that allowed the incident implements a set of measures aimed at eliminating the causes and consequences of the incident and preventing its recurrence.  

15.2.  The Operator informs the Participants about the incidents identified in the System related to violations of the requirements for ensuring the protection of information when making money transfers, as well as about the recommended methods for analyzing and responding to these incidents, by sending the relevant information within 1 business day after the investigation of the incident (establishing the causes, possible goals and consequences of the incident, methods of detection and suppression, as well as any other circumstances significant for the detection and suppression of a specific incident). 

15.3.  As part of the information on their activities, the Participants of the System shall submit data for the purpose of analyzing the provision of information in the System when making money transfers. At the same time, the composition of the said data shall comply with the requirements of the applicable legislation governing the requirements for ensuring the protection of information in the System when making money transfers.  

15.4. Agents inform the Operator on a monthly basis about the identified Incidents, in the manner and within the time limits established in the section "Procedure for Providing Information on Their Activities by Participants to the Operator". 

15.5. In case of detection of Incidents by the Agents, the Agents shall immediately inform the Operator about them by e-mail to the members_support@leskarpay.com address. Upon receipt of the above notification, the Operator shall ensure the implementation of all possible actions aimed at eliminating the Incident and notify the relevant Agent of the measures taken and their results. 
Such incidents should include, at a minimum, the following: 
-  the client's application for a transaction that he did not perform;  
-  events indicating unauthorized interference in the information system, which may affect the System or the information processed in it. 

15.6.  If, in order to eliminate the consequences of the identified incident related to the violation of the requirements for ensuring the protection of information when transferring money in the System, it becomes necessary to involve other System Agents, the System Agent who has detected the incident shall have the right to apply directly to other System Agents, including the System Operator, to organize interaction in order to eliminate the consequences of the identified incident. At the same time, the System Agent shall inform the System Operator about the facts and results of joint actions to eliminate the consequences of the identified incidents. 

15.7.  Agents of the System ensure:  
  • application of organizational measures for information protection and (or) the use of technical means of information protection designed to identify incidents related to violations of the requirements for ensuring the protection of information during money transfers;  
  • informing the structural unit for information protection about the detection of incidents related to violations of the requirements for ensuring the protection of information during money transfers;  
  • responding to identified incidents related to violations of the requirements for ensuring the protection of information during money transfers;  
  • analysis of the causes of the identified incidents related to violations of the requirements for ensuring the protection of information during money transfers, assessment of the results of the response to such incidents.  

15.8.  Agents of the System ensure the assessment of compliance with the requirements for ensuring information security at their own information infrastructure facilities during conformity assessment.   

15.9. For the purposes of analysis and control (monitoring) of information protection when performing Transactions in the System, the Agents, upon the written request of the Operator, provide it with information on ensuring the protection of information when performing Transactions in the System, in the form established by the Operator in the written request. At the discretion of the Operator, the specified information shall include information on:  
•  compliance with the requirements for ensuring information security at its own information infrastructure facilities;  
•  implementation of the procedure established by the Agent to ensure the protection of information during the implementation of Transactions;  
•  identified Incidents;  
•  the report prepared by the inspection organization based on the results of the Conformity Assessment in accordance with the requirements of the applicable legislation;  
•  identified new threats and vulnerabilities in ensuring information security.  

15.10. Ensuring the improvement of information protection when performing Operations in the System. Agents of the System shall ensure the revision of the procedure for ensuring information protection in the following cases:  
•  changes in the requirements for information protection determined by the Rules;  
•  changes to applicable law.  
The System Agents shall ensure the improvement of information protection during the performance of Transactions in the following cases:  
•  changes in the requirements for information protection determined by the Rules;  
•  changes to applicable law;  
•  changes in the procedure for ensuring the protection of information during the performance of Transactions;  
•  identifying threats, risks and vulnerabilities in ensuring the protection of information during the implementation of Operations;  
•  identification of deficiencies in the control (monitoring) of compliance with the procedure for ensuring information protection during the performance of Operations;  
•  identification of deficiencies during the Conformity Assessment.  

Chapter 5. AML/CFT measures 
 
Article 16. AML/CFT measures 

16.1. Participants undertake to comply with the requirements provided for by the applicable AML/CFT legislation, as well as international sanctions regimes, including sanctions of the United States (OFAC), Canada, the European Union, the United Nations, the United Kingdom and other jurisdictions, the list of which is established in the Rules or Policies of the ICSA. 

16.2. The Agent independently and fully carries out the identification and verification of Clients, including compliance with KYC/KYB procedures, sanctions screening and monitoring of transactions in accordance with the applicable legislation of its jurisdiction, as well as the Rules and internal rules and procedures of the Agent. 

16.3. The Operator shall have the right, at its own discretion and at intervals determined by the Operator, to verify the Agent's compliance with the requirements of this Article, the Rules, as well as the applicable legislation in terms of Transfers made through the Operator, including compliance with the procedures for identification and verification of customers, sanctions screening and monitoring of transactions, as well as other applicable requirements, including the requirements for the transfer of information about the payer and recipient of the transfer, and has the right to request from the Agent documents and information confirming such compliance. The Agent is obliged to provide the Operator with such documents and information within the time limits established by the Operator in the relevant request. 
16.4. Participants are solely responsible for compliance with the above requirements and undertake to immediately notify the Operator of detected or suspected violations. 

16.5. The Operator has the right to suspend Transfers or other interaction with the Agent in case of detection of facts or suspicions of violation of applicable sanctions regimes or AML/CFT requirements. 

Article 17. Measures to ensure and implement organizational and procedural measures aimed at AML/CFT 

17.1. When making Transfers at all stages of their implementation, the Agents shall ensure control over the availability, completeness, transfer as part of settlement documents or in any other way, compliance with the information at their disposal, as well as storage for at least 5 years from the date of creation of the transfer record of the information provided for by the State Registration Service. 

17.2. Agents participating in the Money Transfer on behalf of individuals without opening bank accounts are obliged to ensure the invariability of the information contained in the received settlement document and its storage for at least 5 years from the date of creation of the transfer record. 

17.3. When making Transfers, the Agents are obliged to comply with the restrictions on the purpose and Amounts of Transfers, as well as to carry out measures to verify the reliability of the Customers, provided for by the legislation on countermeasures in force in the territory of the state in which the Transfers are accepted and issued. 

17.4. In cases provided for by the applicable legislation and transfer rules, the Agents are obliged to ensure reliable identification of this Client by other adequate measures provided for by the legislation of the Agent. 

17.5. Agents are obliged to refrain from making Transfers in cases where they have sufficient and reasonable assumptions that the Transfer is carried out for the purpose of money laundering or terrorist financing, or circumvention of sanctions legislation. 

17.6. The Agents are not entitled to disclose to the Clients information about the procedure for the implementation of countermeasures by the Agents, including the transfer of information about the Clients or Transfers to the state authorized bodies for the implementation of countermeasures. 

17.7. The Agents shall ensure that all documents relating to Clients and Transfers made on paper are kept for five years after the establishment of the business relationship and shall ensure that such documents are transferred to the competent state bodies implementing countermeasures upon the latter's request. 

17.8. When making Transfers, Agents are obliged to use means, including automated ones, necessary for the Participants to comply with AML/CFT measures. These means should be developed in accordance with national legislation to the extent that they do not contradict the applicable law. 

17.9. Agents are obliged to comply with the written instructions of the Operator, within the time limits established by law and the Agreement.  

Article 18. Processing of personal data

18.1. The Parties undertake to ensure bank secrecy in relation to Money Transfers. 

18.2. Information on Money Transfers shall be provided only to authorized representatives of the Parties, as well as to state bodies and organizations in the manner and in cases expressly provided for by applicable law. 

18.3. The Parties are obliged to ensure the protection and confidentiality of the personal data of the Sender and the Recipient, financial information on transfers and other information at their disposal and subject to mandatory protection. 

18.4. The Parties shall ensure the safety and confidentiality of the credentials for access to the System transmitted by each other, as well as all information that became known during the conclusion of the Agreement and its execution. 

18.5. The Agent shall be fully responsible for ensuring the correctness and reliability of identification data and other information about the Sender and the Recipient in order to use this information for the security of Transfers and prevention of fraud during their execution, as well as to settle disputes in case of their protest in accordance with the requirements of the legislation  of the Agent's jurisdiction, the applicable rules of the IPS and the Agent's internal rules. 

18.6. The Parties undertake to ensure compliance with the requirements of information security in accordance with the requirements of the legislation applicable to them. 

18.7. The Parties undertake to ensure the storage of information and documentation on Transfers for the period established by applicable law. 

Chapter 6. Rights, Obligations and Responsibilities of Participants 

Article 19. Rights and obligations of the System Members 

19.1. Rights and obligations of the Operator 
19.1.1. Obligations of the Operator: 
(a) ensure the integrity, continuity and uninterrupted operation of the System in order to ensure that banks are able to provide money remittance services in a timely manner and in full; 
(b) provide the Agents with the Registers on a daily basis and the Settlement Bank with the Consolidated Registers, which are the unconditional basis for determining net positions and mutual obligations; 
(c) provide pre-trial settlement of disputes and claims submitted by Subjects and provide assistance in the investigation of disputes; 
(d) guarantee and ensure the confidentiality, bank secrecy and protection of personal data in relation to information about transactions carried out in the System, in accordance with applicable law. 
19.1.2. Rights of the Operator: 
(a) unilaterally make changes and/or additions to the Rules in compliance with the conditions established by the applicable law, in the manner prescribed by the Rules; 
(b) not disclose information on information protection requirements and information to which access is restricted in accordance with applicable law and the Rules; 
(c) enter into agreements on cooperation with other local and international payment systems, provided that the procedure for such interaction is reflected in the Rules by making appropriate amendments; 
(d) make publicly available a list of Agents; 
(e) suspend and terminate the participation of Agents in the System in the manner and on the grounds established by the Rules; 
(f) independently suspend money transfer operations carried out by Agents and Clients in respect of which the Operator has received information about the adoption by authorized state or other regulatory bodies of decisions to suspend transactions on the Accounts, to seize the money placed on the Accounts, or about the revocation of the license by the regulator, and other circumstances that prevent the Agent from transferring money; 
(g) request additional information on transactions; 
(h) conduct promotions and other marketing activities; 
(i) use the Agents' trademarks; 
(j) exercise other rights under the law, the Rules and the GFA. 

19.2. Rights and Obligations of the Agent 
19.2.1. Obligations of the Agent: 
(a) strictly comply with all the requirements of the documents of the System and the legislation of its jurisdiction; 
(b) regularly familiarize itself with the Rules and other documents of the System published by the Operator and ensure that its employees comply with them; 
(c) assist the Operator in the investigation of disputes; 
(d) ensure that there is sufficient money in its accounts with the Clearing Bank for the uninterrupted provision of services; 
(e) not disclose to third parties information about software, hardware and other solutions designed to work in the System without the prior consent of the Operator; 
(f) guarantee and ensure the confidentiality, bank secrecy and protection of personal data in relation to information about transactions carried out in the System, in accordance with applicable law; 
(g) respond to the Operator's requests in the manner and within the time limits established by the GFA. 

19.2.2. Rights of the Agent: 
(a) to receive services from the Operator in accordance with the Regulations, in accordance with their obligations set out in this Article; 
(b) submit to the Operator the applications provided for within the System; 
(c) send complaints and claims related to the work of other Subjects to the Operator; 
(d) refuse to participate in promotions/loyalty programs held by the Operator; 
(e) send information about restrictions on Transfers, if such restrictions affect the performance of transfers under the Rules and the GFA; 
(f) make proposals for optimizing the conditions of Transfers; 
(g) exercise other rights under the law, the Rules and the GFA. 

19.3. Rights and Obligations of the Clearing Bank  
19.3.1. Requirements to the Settlement Bank: 
(a) The Settlement Bank of the System may be a Bank/credit institution established in accordance with the legislation of the country of origin, located in the territory of the country of origin, and operating on the basis of the License of the Authorized Body for Financial Market Surveillance. 
(b) Availability of a license and other documents of title (constituent documents, certificates, etc.) necessary for the implementation of the relevant activity. 
(c) Availability of the ability to provide settlement services in accordance with the legislation of the country of origin and the System Rules. 
(d) The ability to carry out activities within the System in accordance with the Rules. 
(e) Compliance with the mandatory requirements of the authorized body for the supervision of the financial market, including the requirements to ensure AML/CFT measures. 
(f) Ensuring bank secrecy, protection of information when making money transfers and personal data of Clients (in case of their receipt and processing) in accordance with the legislation of the country of origin. 
(g) Acceptance of the terms of operation of the System set out in the Rules and the GFA in full, including the agreement to be liable under the Rules and the GFA for their violation. 
(h) Technological ability to be connected to the System. 
(i) Carrying out its activities in accordance with the regulations of the country of origin, the Rules and the GFA concluded with the System Operator. 
19.3.2. Obligations of the Settlement Bank: 
(a) Not to change the provisions determining the procedure, conditions and terms of provision of services of the System Settlement Bank without the consent of the Operator. 
(b) Ensure, within the System, the execution of orders received from the Operator by debiting and crediting money to accounts. 
(c) Ensure that confirmations are sent regarding the execution of the Agents' orders. 
(d) Ensure receipt of the Register of Payments from the Operator and execute it during the day on which it is transmitted. 
(e) Send a report on the execution of the Register of Payments based on the results of processing the Register of Payments and making settlements. 
(f) To provide the Operator, upon request, with reports, any information related to the exercise of its functions and compliance with the requirements. 
(g) Provide the Operator with information about the limits (amount of money) within which the Bank carries out settlements for transactions made within the System. 
(h) Immediately notify the Operator of the revocation of the license to make money transfers. 
(i) In case of changes in the constituent documents, as well as in case of changes in other data, provide these changes no later than 5 (Five) working days. 
(j) Ensure the uninterrupted provision of settlement services provided by them to System Agents. 
(k) Independently develop its own risk analysis methodology. 
(l) Guarantee and ensure the confidentiality, bank secrecy and protection of personal data in relation to information about transactions conducted in the System, in accordance with applicable law. 
19.3.3. Rights of the Settlement Bank: 
(a) Conclude bank account agreements with the Agents, as well as for the provision of money transfer services within the System. 
(b) Receive remuneration for the provision of settlement services. 
(c) Exercise other rights provided for by law, the Rules and the GFA. 

Chapter 7. Final provisions 
 
Article 20. Dispute Resolution 

20.1. Governing Law and Jurisdiction  
20.1.1. The Rules and any disputes arising out of or in connection with them shall be governed by and construed in accordance with the laws of England and Wales.  
20.1.2. Any dispute arising out of or in connection with the Rules shall be subject to the exclusive jurisdiction of the Astana International Financial Centre Court (AIFC Court).  
20.1.3. In the presence of imperative norms of the legislation in force in the territory of the state of incorporation of the Agent, excluding the application of contractual conditions, these norms shall take precedence over the terms of the Rules. 

20.2. Procedure for pre-trial dispute resolution  
20.2.1. In the event of a dispute between the Agents or between the Agents and the Operator, the parties are obliged to take all possible measures to resolve it in the working order through negotiations.  
20.2.2. If the disputable situation cannot be resolved in due course, the interested party (Initiator) is obliged to send a written claim to the other party within one month from the date of occurrence of the basis for the claim. Claims received after this period are not considered.  
20.2.3. The claim shall be set out on an official letterhead, signed by an authorized person and sent in a manner confirming delivery to the addressee. The claim must contain a statement of the essence of the claims, their justification and, if necessary, the calculation of the amount.  
20.2.4. A party to the dispute shall consider the claim and send a reasoned response within 30 (thirty) calendar days from the date of its receipt. Failure to submit a response within the specified period is a violation of the claim procedure and may be considered as a refusal to satisfy the claims. 

20.3. Interaction in Emergency Situations  
20.3.1. In the event of emergencies or system failures, Members are obliged to immediately inform the Operator through available communication channels.  
20.3.2. Upon receipt of the information, the Operator shall take all necessary actions to mitigate the negative consequences, identify and eliminate the causes of the failure, as well as to restore the normal functioning of the System within a reasonable time. 

20.4. Dispute Resolution Panel  
20.4.1. In case of failure to settle the dispute in the complaint procedure, a commission may be formed at the initiative of any of the parties to establish the organizational and technical circumstances of the disputed situation. The organization of the formation and activities of the commission is carried out by the Operator.  
20.4.2. Based on the results of the commission's work, an act shall be drawn up, which shall be the basis for the parties to make a decision on the settlement of the conflict. 

20.5. Evidentiary value and reconciliation of liabilities  
20.5.1. Records of the Operator's databases shall have priority over database records of other System Agents when proving the authenticity of Electronic Messages and Orders.  
20.5.2. Account statements and/or summary clearing statements issued by the Operator shall be documents confirming the existence of mutual obligations and claims of the Parties.  
20.5.3. The Settlement Bank shall reconcile the transactions performed during the reporting period (daily on the Bank's business days).  
20.5.4. In case of disagreement with the data provided in the acts or reports, the Agent is obliged to provide the Operator with a reasoned justification and supporting documents for verification within five working days. 

Article 21. Privacy Policy 

21.1. The Agent is obliged to maintain confidentiality during the entire period of cooperation with the Operator, as well as for five years after the termination of this cooperation: not to use for its own purposes or for the purposes of third parties the lists of Customers, lists of Agents, commercial terms of its cooperation or other conditions of relations between Agents, business processes or information that the Agent knows or reasonably should know, are confidential in relation to the business or activities of the Operator and/or other Agents of the System, with the exception of:  
(a) Publicly available information; 
(b) Information required by law to be disclosed; 
(c) Information for the disclosure of which the consent of the Operator has been obtained (for other Agents of the System). 

21.2. All information about the Clients (including personal data), as well as about other Agents of the System, which has become known to the Agents in connection with the performance of their Transfers within the System, as well as relating to settlements in connection with the execution of Transfers or received as a result of their implementation, belongs to the Operator. Agents are not entitled to use, reproduce and distribute such information independently and/or transfer it for any purpose to any third party, except for its transfer to authorized state bodies at their request in accordance with the law, without the prior written consent of the Operator. In cases where the Operator provides the Agents with consent to the collection, use or transfer of information about the Clients or about the System and/or its Agents, the Participants are obliged to ensure that the collection, use and transfer of such information complies with all applicable laws and regulations governing the protection of data and privacy of the Clients, as well as with these Rules. 

21.3. Agents have the right to:  
a) transfer information about the Clients to the Operator for the purpose of providing services; 
b) use Customer data obtained through the Software for the purpose of providing services; 
c) disclose information about Clients to law enforcement authorities as required by applicable law. 

21.4. If the Agents, in accordance with the law or contractual relations, are obliged to provide other persons with any information related to cooperation with the Operator, other than in the usual procedure of reporting to law enforcement agencies or other organizations, the Agent is obliged to immediately notify the Operator thereof and, if required by the Operator, to provide the latter with full assistance in taking any reasonable measures provided for by law in order to protect this information and to preserve the Client's secrecy and/or the commercial secrets of the System Agents. 

21.5. The Agent is obliged to maintain security and confidentiality when providing services for making Transfers and to exercise the maximum degree of caution, protecting the confidentiality of secret identification, sent (received) Electronic Orders and notifications, transferred amounts, account numbers and all other aspects of the services for making Transfers, including all measures and rules of security and prevention of fraud when making Transfers. 

21.6. Agents of the System have the right to jointly carry out advertising activities aimed at promoting the System, with the conclusion of an appropriate agreement. At the same time, the Agents have the right to use information about their participation in the System when conducting their advertising campaigns. In case of using information about its participation in the System for its advertising purposes, the Agent is obliged to preliminarily agree on the text of the advertising information with the Operator and is not entitled to make public statements on behalf of the System without prior written consent from the Operator. 

Article 22. Assignment of rights 

22.1. Transfer (assignment) of rights and obligations under the Rules and/or under the General Framework Agreement to third parties is possible only with the prior written consent of the other Party. 

Article 23. Procedure for monitoring compliance with the Rules 

23.1. Control over compliance with the Rules by the System Agents is carried out by the Operator on an ongoing basis by monitoring the activities of the System Participants in the process of providing services within the System, analyzing complaints and appeals from senders and recipients of payments. As part of monitoring the activities of the System Participants in the process of providing services within the System, the Operator receives and analyzes information in real time about the activities of the System Agents in the provision of Services using the Operator's technical means in order to prevent the Agent from violating the Rules and applicable laws. As part of the analysis of complaints and appeals of senders and recipients of payments, the Operator organizes the reception, as well as registration of complaints and requests of senders and recipients of payments regarding the activities of the Participant in the process of providing services within the System, their processing, analysis of the received complaints and appeals of Payers and recipients of payments, organization of inspections of the activities of the System Agent for compliance with the provision of Services in accordance with the Terms and Conditions for Transfers. 

23.2. For the purposes of monitoring compliance with the Rules, the Operator shall have the right to oblige the System Agents (both all and any of them individually): 
  1. provide a report in the form established by the Operator on compliance with the Rules, on disputable and conflict situations between the System Agent and the Payers related to the provision of services provided for by the Rules; 
  2. provide documents and other information regarding activities as a Member of the System, including compliance with the obligations of the System Agent and compliance of the Participant with the criteria of the System. 

23.3. The Operator analyzes documents and information related to the activities of the Participants, including those provided by them in accordance with the Rules. 

23.4. In the event that as a result of the System Operator's control over compliance with the Rules by the System Participants, non-compliance with the provisions of the Rules is revealed, the Operator shall have the right to: 
  1. send a request to the Member of the System in writing indicating the violation of the provisions of the Rules committed by the Member of the System, with the determination of a reasonable period for the elimination of such violation; 
  2. suspend the Participant's activities in the System until the violation of the provisions of the Rules is eliminated; 
  3. terminate cooperation with the Member of the System. 

Article 24. Changing the Rules and Messaging

24.1. All messages between the Parties and the Operator related to the execution of Transfers through the System, as well as to the procedure for making settlements, shall be sent by the sender in the form of a written document certified by the signature of the authorized manager and the seal of the sender, by registered mail or courier service to the postal addresses specified in the agreements, or by electronic message using information and communication means. 

24.2. In case of changes in addresses and bank details, the Participants are obliged to notify the Operator no later than the next business day after the change. The Operator notifies of its changes by placing the relevant information in the Software. The fulfillment by the Operator of its obligations in relation to another Participant using the details of the latter specified in the Agreement is considered proper if the Participant has not notified the Operator in writing of the change in its details before the start of the performance of these obligations. 

24.3. The Operator has the right to unilaterally make any necessary changes and/or additions to the Rules. 

24.4. Amendments and/or additions to the Rules shall be approved by the Operator and brought to the attention of the System Members by posting a new version of the Rules on the Operator's website. 

24.5. Receipt by the Operator of an official written statement of the Participant on disagreement with changes and/or additions to the Rules is the basis for immediate termination of the Agreement and termination of cooperation with the Participant within the System. 

24.6. The Operator is obliged to notify of changes and/or additions to the Rules in the manner and within the time limits provided for by the requirements of the applicable legislation. 

Article 25. Interaction with other payment systems and Aggregators 

25.1. The Operator has the right to route Money Transfers using both the infrastructure of the System and the infrastructure and technologies of other international and local payment systems and Aggregators on the basis of concluded cooperation agreements. As part of such interaction, the Operator increases the list of services provided to Customers and expands the geography of their provision. 

25.2. The System Operator shall maintain and keep up to date the list of payment systems and Aggregators with which it interacts. 

25.3. The procedure for interacting with the involved payment systems and Aggregators shall be determined as follows: 
(a) In the network of the attracted payment system or Aggregator, Money Transfers shall be sent and/or paid to Customers without opening an account. 
(b) Money Transfers initiated in other payment systems or through Aggregators are sent and/or paid to Customers in the System network without opening an account. 

25.4. Information interaction between the System and the involved payment systems and Aggregators shall be carried out between the System Participants in real time using a secure communication channel by exchanging electronic messages in the established format, certified by the electronic signature of the sending party. 
info@leskarpay.com
80 Birmingham St, C6, Etobicoke, Ontario, Canada, M8V 3W6
Registered with FINTRAC as MSB (Money Service Business) with registration number M23344351, date of expiry 2026-06-30
Ontario Corporation Number (OCN) - 1000562552
© Leskar Pay 2026