Background

Money Laundering is the process by which criminals attempt to hide and disguise the true origin and ownership of the proceeds of their criminal activities and thereby have these funds enter the normal economy to make it seem as if they have been obtained legitimately. Terrorist Financing is the act of unlawfully and willingly providing or collecting funds (whether directly or indirectly) with the intention that they should be used or, in the knowledge that they are to be used, in support of an act of terrorism. Both are global problems that compromise the security and effectiveness of all financial systems – whether crypto finance or traditional banking, undermine economic development and damage societies.

Idenfo (“the Company”) offers AML services to financial institutions such as banks, estate agents, insurance providers, crypto-asset providers and solicitors. Such services include KYC and name screening as well as document verification. As part of the discharge of its services the Company is committed to denying terrorists and criminals access to the financial system and to complying with all applicable Anti-Money Laundering and Counter Terrorist Financing laws and regulations. This document sets out the Company’s Policy on AML and Counter Terrorist Financing.

When setting its Policy, the Company has taken into account relevant legal and regulatory requirements as updated from time to time in the United Kingdom and elsewhere. The Company recognises that failure to comply with this Policy can have serious consequences for the Company, including criminal and civil fines, public censure and significant reputational and regulatory damage.

Purpose

The purpose of the Company’s AML Policy is to frame global standards for the Company’s AML Compliance programme.

The Company operates in many different jurisdictions with many different Customers and is therefore subject to different legal requirements and regulatory expectations when determining which proceeds-generating crimes are money-laundering offences. This policy therefore sets out the minimum applicable requirements in relation to AML which these jurisdictions must apply. The Company will comply with requirements set out in law or regulations and consider regulatory expectations in each country where it operates, where those requirements or expectations go beyond the standards of the Company AML Policy.

Scope

This Policy applies to the Company, all Staff within the Company and across all businesses and operations of the Company.

Governance

General Responsibilities

All Staff are responsible for complying with this Policy, all applicable laws and regulations, and for ensuring the effective management of money laundering risk within the scope of their direct organisational responsibilities. No Staff may be involved in any manner in any activity intended to avoid or circumvent the Company’s AML Policy. Any breach of this Policy may, amongst other things, lead to disciplinary action and/or loss of employment.

Business Level

The Company shall determine what additional documentation (including system and process user guides) is needed to ensure globally consistent execution when providing services to Customers. All such documentation must be maintained and updated in line with the Company Governance Standards, with evidence of version control such that it is clear what the current document is.

Executive Oversight

The Company delegates executive responsibility for execution of this policy to the Company’s Compliance Manager (“CM”). The CM has been allocated overall responsibility within the Company for the establishment and maintenance of effective systems and controls to meet legal and regulatory obligations in relation to money laundering and terrorist financing.

Risk Based Approach

The Company has adopted a risk based approach to AML. For the Customers to whom the Company provides services, this is demonstrated through the categorisation of their individual Clients during initial KYC checks and the subsequent monitoring of transactions that is then deployed. In general the Company takes the view that it has no appetite for breaches in laws and regulations related to Financial Crime, recognising that whilst incidents are unwanted, they cannot be entirely avoided.

Key Principles

In order to manage the AML risks across the organisation when providing services to

Customers, the Company will:

• ensure that the CM has authority and independence within the Company, and access to resources and information to enable them to carry out that responsibility (see CM’s responsibilities section)

• ensure that there are adequate resources, including Staff who possess appropriate skills, knowledge and expertise, to manage money laundering risk within the Company

• when providing services to Customers, operate a Company-wide risk based approach to Know Your Customer (“KYC”) procedures for Clients of those Customers at both onboarding and on an ongoing basis (see Know Your Customer section)

• when providing services to Customers, operate a Company-wide risk based approach to surveillance of Clients of those Customers activity throughout the life of the Client relationship, including having proportionate systems and controls, and may restrict any transactions known or reasonably suspected to involve money laundering and terrorist financing (see On-Going Monitoring section)

• ensure that Company-wide procedures are established in respect of data protection and sharing of information for the purposes of AML within the Company

• when providing services to Customers, maintain procedures to ensure that suspicious activity is reported in the first instance to those Customers in accordance with requirements prescribed by local laws and regulations.

• support government agencies and international bodies in combating the use of the financial system for money laundering and/or terrorist financing (see Supporting Government Agencies and International Bodies section)

• maintain a robust training programme on the requirements of this Policy, targeted as appropriate to Staff with AML-facing duties (see Training section)

• maintain transparent and accessible records of due diligence, transactions, training, assurance activities and incident reports relating to AML compliance for internal Company activities (see Record Retention section)

Compliance Manager Responsibilities

The Company CM is responsible for:

• representing AML policy at Board meetings providing appropriate management information and reporting on the operation and effectiveness of systems and controls in relation to money laundering compliance

• overseeing and supervising the implementation of work to manage and mitigate money laundering risks as documented through this Policy

• articulating, documenting (i.e. Job Descriptions) and ensuring AML department Staff have and maintain the requisite skills, knowledge, expertise and delegated authority to perform their duties effectively

• overseeing the implementation of measures to ensure money laundering risks are taken into account in the Company’s day-to-day operations when providing services to crypto company Customers

• providing Staff with appropriate training in relation to money laundering

• assisting in building a culture of good conduct.

Know Your Customer (KYC)

When on-boarding staff within the Company the Company will establish KYC Procedures to identify and manage money laundering risk of the new staff.

Similarly, when providing services to Customers, the Company will establish KYC Procedures to identify and manage money laundering risk of the Customer’s Clients and ensure that the Customer reasonably knows its Client at the time of onboarding, and through the life cycle of the Client relationship.

These procedures will:

• prohibit certain relationships including relationships with individuals known to be involved with money laundering or terrorism financing activity (ie those staff or Clients who are on globally recognised sanction lists) or those relationships where the nationality includes a sanctioned country

• require that the Customer does not transact or open business relationships with the Client until KYC has been completed

• determine a risk based approach that will be used to collect sufficient information to reasonably identify the staff or Client and to understand the purpose and intended nature of the Customer’s relationship with the Client

• verify, to a reasonable extent and on a risk based approach, that the information supplied is accurate

• define requirements for reliance on third parties in respect of KYC measures and the circumstances where reliance is permitted

• determine consistent escalation and approval requirements for staff or Clients based on risk both internally within the Company and externally to the Customer

• provide a mechanism to ensure compliance with any additional country requirements that go beyond the requirements of the standard Company KYC Procedures

• define requirements for KYC review and monitoring to ensure CDD information is kept up to date and its risk rating remains consistent with current methodology

• define higher risk categories of staff or Clients for which enhanced ongoing review monitoring is required

• determine a risk based approach to be applied in relation to the onboarding of Politically Exposed Persons (“PEPs”) or Clients connected to PEPs.

On-Going Monitoring

Name Screening

When on-boarding new staff or providing services to Customers, the Company will implement and maintain adequate processes and systems to screen names of staff or Clients of Customers for potential sanction list and PEP matches, both at onboarding and periodically on a risk based frequency.

Name screening will take the form of both automated system screening and then manual checks when the system throws up a “likely” match. The Company will ensure that appropriate alert management and quality control training and documentation is in place to ensure a consistent approach to name screening.

Supporting government agencies and international bodies

Where possible, the Company will co-operate with any lawful requests for information made by government agencies during their investigations into money laundering and/or terrorist financing. The Company will fully co-operate and seek to resolve all open significant Financial Crime legal and regulatory matters.

Training

The Company will design and make available relevant training to ensure that Staff are appropriately trained on induction and thereafter on a periodic basis on the AML risks facing the Company, the legal and regulatory environment and the key requirements of this Policy. Training will generally be focused on demonstrating and/or enabling the knowledge and behaviour required to ensure Staff are fully equipped to address any AML risks they encounter as they are employed in their day-to-day or on-going monitoring tasks.

Record Retention

The Company will retain transparent and accessible records of due diligence, transactions, training and incident reports relating to AML compliance for a minimum of five years after the activity to which the record relates has been completed. Following the expiry of the period, personal data collected by the Company as a result of the above records shall be deleted unless required to do otherwise by applicable laws and regulations. When providing services to a Customer which operates in counties where retention is required for longer than 5 years, the Company will ensure that suitable arrangements are in place.