Prepared in accordance with the Rules on the Licensing of Crypto-Asset Service Providers, approved by Resolution No. 03-157 of the Board of the Bank of Lithuania of 17 December 2024, point 7.
UTRG UAB provides crypto-asset transfer services to clients in a secure, transparent, and compliant manner. This means we can execute transfers of crypto-assets on your behalf (for example, sending cryptocurrency from your account with us to an external wallet or another service) under strict procedures that protect your interests and comply with all legal requirements. Our Procedures for Providing Transfer Services are summarised below to inform you how we handle such transactions:
Client Authorisation Only: We will only carry out a crypto-asset transfer for you when you have given us a clear, explicit instruction to do so, and under a proper agreement. UTRG UAB enters into a written transfer services agreement with each client as required by law (MiCA Article 82), which details both parties’ responsibilities, how the service works, security measures, fees, and other terms. We do not initiate transfers on our own or for any third party without your consent. Every transfer request must come from you (or your authorised representative) through our secure communication channels (such as our authenticated online portal or another agreed method). Upon receiving a transfer instruction, our team verifies that the request is genuine and authorised – we check your identity credentials and confirm that the request corresponds to your account and rights. This step ensures that only you can initiate movements of your crypto-assets, preventing unauthorised transfers.
Compliance Checks and Travel Rule Data: Before any crypto transfer is executed, UTRG UAB performs thorough compliance checks in line with Anti-Money Laundering (AML) laws and the Travel Rule (EU Regulation 2023/1113 on information accompanying transfers of funds). In practice, this means we collect and verify the required identifying information about both the originator (you) and the beneficiary of the transfer. We screen the parties involved against international sanctions lists and other watchlists to ensure neither the sender nor the receiver is prohibited or suspicious. For transfers where the recipient is using another crypto-asset service provider (CASP/VASP), we adhere to the Travel Rule by securely exchanging the necessary originator and beneficiary information with the other provider through a trusted system (we use Sumsub’s Travel Rule solution for this purpose). This allows the receiving institution to verify the details on their side as well. If any required information is missing or cannot be obtained, or if a sanctions or AML concern arises from the data, UTRG UAB will halt the transfer and not proceed until the issue is resolved. In fact, under the risk-based procedures mandated by law, a transfer that lacks required information or involves a flagged entity may be refused or the assets returned to the sender. By conducting these checks, we ensure that all crypto-asset transfers comply with financial crime prevention rules and that you and your funds are protected from being involved in illicit activities. (We will inform you if a transfer you requested is delayed or stopped due to compliance reasons and advise on next steps.)
Address Whitelisting and Verification: UTRG UAB employs an address whitelisting system as an extra layer of security for crypto transfers. This means we maintain a list of cryptocurrency withdrawal addresses that have been verified and approved for your account. When you request a transfer to an external wallet, if the destination address is one of your pre-approved (whitelisted) addresses, we will proceed with the normal process. If it’s a new address that you haven’t used with us before, we will ask for additional confirmation and perform verification checks before allowing the transfer. Typically, adding a new address might require you to undergo additional authentication steps and/or provide proof of ownership or attribution for that wallet (for example, a small test transaction or documentation linking you to that address). Our operations team double-checks every wallet address to ensure it is entered correctly (including format and checksum validation), since crypto transfers are irreversible and a typo could result in loss of funds. The transfer is executed only after confirming that the address belongs to the client or designated beneficiary and is safely recorded in our system will a transfer to that address be executed. This whitelisting practice prevents unauthorised or accidental transfers to unknown destinations and gives you control over where your crypto can be sent.
Prompt and Reliable Execution: Under normal circumstances, UTRG UAB executes duly authorised transfer requests promptly, usually within the same business day. In general, once your request passes all checks, the crypto transaction will be signed and broadcast to the relevant blockchain network without undue delay. We use multiple blockchain node providers and robust connectivity (with backups and fail-safes) to publish transactions, so network issues are minimised. If you submit a transfer instruction very late in the day or when markets are closed, and it misses our internal cutoff time for processing, we will queue it for the next earliest processing cycle and inform you of this scheduling. For very large transfers or special cases, we may coordinate the timing with you to optimise fees or ensure sufficient liquidity. Our goal is to transmit your assets to the intended destination as fast as the blockchain allows, while maintaining security. Additionally, our infrastructure is designed for high reliability: we have redundant systems and continuous monitoring, so if one blockchain access point is down or slow, another can take over. We actively track the status of each outgoing transfer on-chain. If a transaction doesn’t confirm within the expected time (for example, due to network congestion or low fee), our system will automatically retry or escalate the issue so that it gets resolved (as described below). You can monitor your transfer’s progress via our platform, and we will consider a transfer complete only after it has the required blockchain confirmations.
Secure Processing and Multi-Signature Controls: Security is a core principle guiding how UTRG UAB provides transfer services. UTRG UAB applies rigorous safeguards at every step of the transfer process to protect your assets from theft or error. All private cryptographic keys used to control client assets are stored in secure, encrypted form – never in plain text. We utilise hardware security modules and an encrypted key vault (integrated with Google Cloud KMS) to manage these keys, meaning that even our own staff do not see or handle raw private keys. Furthermore, we enforce a multi-approval (multi-signature) policy for outgoing transfers of client crypto-assets. In practice, this “four-eyes” principle requires that at least two authorised UTRG UAB officers or systems independently approve and co-sign a transaction before it is released to the network. No single individual can unilaterally move your funds. Every transaction request is logged and must go through this dual-control process, providing both security and accountability. On the systems side, our operating environment is highly secure: critical transfer systems (wallet servers, key management, transaction databases) run in isolated, access-restricted networks. Only a very limited number of vetted personnel have the ability to access these systems, and they must use strong authentication methods (such as VPN access plus multi-factor authentication) to do so. The principle of least privilege is applied – each employee or system has only the minimum required access rights.. All access and actions are recorded in audit logs. Additionally, all data involved in the transfer process (transaction details, logs, etc.) is encrypted both in transit and at rest. Our Information Security team continuously monitors for any unusual activity in the transfer systems and conducts regular audits and penetration tests to ensure the controls remain effective. With this combination of encryption, multi-signature authorisation, and tight access control, we maintain a highly secure environment for moving client assets.
Monitoring, Error Handling, and Delays: UTRG UAB has clear procedures to handle any issues that might arise during a crypto transfer. We proactively monitor the blockchain for each outgoing transfer to confirm its progress. If a transaction is not included in a block within the expected timeframe (for instance, if the network is congested or the transaction fee was set too low), our system or team may take corrective action. This could include increasing the network fee (if possible via replace-by-fee or a similar mechanism) or rebroadcasting the transaction through an alternative node or network path. These measures help ensure your transfer eventually goes through. In the case of a failed or rejected transaction (for example, if the destination address was invalid due to a typo, or a smart contract transfer didn’t execute), our system immediately flags an exception. We document what went wrong and will notify you about the failure promptly. Any funds that left your account but were not delivered are safely accounted for – for instance, if a failure is detected, we will reverse any ledger entries that deducted assets from your balance so that you are made whole while we investigate. Our Compliance and Finance teams are also alerted to any such incident. If needed, we coordinate with the receiving party or blockchain miners to recover funds (when possible) or otherwise advise you on the outcome. Throughout this process, communication with you is key: we keep you informed of delays or issues, and of course, once a transfer is successfully completed, we confirm that to you along with the transaction identifier.
Dispute Resolution and Incident Handling: In the unlikely scenario that you notice a transfer from your account that you did not authorise or you believe an error was made, UTRG UAB has procedures to investigate and resolve such disputes quickly. Upon receiving a complaint or detecting an anomaly, we escalate the matter to our Compliance Officer and IT Security team for investigation. We will review all relevant logs – this includes checking how the instruction was received, what approvals were given, and every system action taken. Because every transfer requires authentication and multiple approvals, we can usually pinpoint whether an unauthorised actor somehow initiated a request or if an internal mistake occurred. If we find that a security breach or fraud led to an improper transfer, UTRG UAB will take immediate steps to contain and remediate the issue. This may involve freezing related accounts, attempting to recover the funds (e.g., contacting exchanges if assets were sent onward), and cooperating with law enforcement. Moreover, our policy is to compensate the client if the loss was due to failures on our side (subject to the liability terms in our agreement). All such incidents are documented in our Incident Response Plan logs, and we use them as learning opportunities to strengthen our controls. Our ultimate aim is that you never suffer a loss of assets due to a process failure or unauthorised action.
Recordkeeping and Reconciliation: UTRG UAB keeps extensive records of all transfer transactions and performs ongoing reconciliation to ensure accuracy. Every crypto-asset transfer we handle is recorded with full details: the date/time, the client and beneficiary information, the asset type and amount, the source and destination addresses, transaction hash on the blockchain, and the status (completed, pending, etc.). We also log the method of instruction and all internal approvals associated with each transfer. These records are stored in secure, tamper-evident systems so that we have an immutable audit trail for every movement of client assets. We retain these logs for a minimum of 8 years (and longer where required by law or business needs). Such thorough recordkeeping means we can always verify what happened with any transfer, even years later, which protects both the client and the Company. In addition to recordkeeping, we do daily reconciliations of our crypto-asset balances. This means our Finance/Operations team checks that the total amount of crypto-assets we are holding on-chain (across all client wallets) matches the aggregate totals in our internal ledger of client accounts. If there is any discrepancy, it is investigated immediately by management. Similarly, for any fiat funds that relate to transfers (for example, if a transfer involves converting crypto to fiat or vice versa), we reconcile bank and payment provider records with our internal records each day. We maintain a segregated accounting structure wherein client assets are tracked in accounts separate from UTRG UAB’s own funds, and we regularly verify that the sum of all clients’ crypto (and any fiat) holdings equals the total assets we have on hand for clients. We also subject these reconciliations to periodic internal and external audits – independent auditors review our segregation and transfer records to confirm that everything is in order. This high level of oversight and verification means you can trust that the balances we show for your account are accurate and fully backed by actual assets. In summary, UTRG UAB’s transfer service operates with transparency, strong controls, and client-centric safeguards at every step. We want you to feel confident that when you instruct us to transfer your crypto-assets, the process will be safe, compliant, and efficient from start to finish.