ANTI-MONEY LAUNDERING, COUNTER-TERRORIST FINANCING, AND CUSTOMER IDENTIFICATION POLICY
(Annex to the Investment Advisory Agreement)
(Annex to the Investment Advisory Agreement)
1. Introduction
1.1 This Anti-Money Laundering, Counter-Terrorist Financing, and Customer Identification Policy (“Policy”) sets out the approach of WWay Corp. (“the Company”) to basic client identification and compliance procedures in connection with its advisory and consulting services in investment strategy, digital assets, and DeFi infrastructure (the “Service”).
1.2 The Company does not manage, hold, or control Client funds or digital assets. All investment and operational decisions are made solely by the Client.
1.3 The purpose of this Policy is to ensure that all Clients are properly identified and that the Company’s services are not used for illegal or fraudulent purposes, in accordance with reasonable compliance standards applicable to non-custodial advisory firms.
2. Definitions
For the purpose of these Policy, the following capitalized terms shall have the meanings set forth below:
- Client/Customer – means a natural person or a legal entity (including collective investment undertakings, funds, or family offices) which has or intends to have a Business Relationship with the Company;
- Business Relationship – means any contractual cooperation between the Company and the Client that has an element of duration and does not involve management or custody of client funds;
- Beneficial Owner/UBO – a natural person who ultimately owns or controls the Client (legal entity);
- Money Laundering/ML – means:
a) The conversion or transfer of property, knowing that such property is derived from criminal activity, for the purpose of concealing its illicit origin or assisting any person involved to evade legal consequences;
b) The concealment or disguise of the true nature, source, location, disposition, or ownership of property derived from criminal activity;
c) The acquisition, possession, or use of property, knowing that such property is derived from criminal activity;
d) Participation in, association to commit, aiding, abetting, or facilitating any of the above;
- Terrorist Financing/TF – means the provision or collection of funds, directly or indirectly, with the intention or knowledge that they will be used, in whole or in part, to carry out terrorist acts as defined in Article 2 of the International Convention for the Suppression of the Financing of Terrorism (1999);
- Know Your Client/KYC – the process of collecting and verifying basic identification information about the Client or its representatives to confirm identity and lawful origin of funds used for payment;
- Customer Due Diligence/CDD – measures to identify and verify the Client before establishing a business relationship;
- Enhanced Due Diligence/EDD – additional measures required for higher-risk Clients at the Company’s discretion. EDD may be applied internally at the Company’s discretion. It is not a legal requirement and does not automatically lead to rejection of clients;
- Source of Funds(SoF)/Source of Wealth (SoW) – the origin of a Client’s accumulated wealth, including lawful income, investments, or business proceeds, used to establish the legitimacy of funds deployed in the Business Relationship. SoF/SoW is taken as a short client declaration. Supporting documents are requested only if the client is high-risk or if red flags appear;
- Politically Exposed Person/PEP – means the natural persons who are or have been entrusted with Prominent Public Functions and Close Family Members or Close Associates of such persons;
- Suspicious Activity – any behavior or pattern that raises doubts about the legality of funds or identity of the Client and may result in refusal to cooperate;
- AML Provider/Approved Verification Tool – automated or manual ID verification services (e.g., AML-bot, API-based solution) used to confirm client identity.
3. Scope and Objectives of the Policy
3.1 This Policy applies to all activities and services provided by the Company in connection with its advisory and consulting operations.
3.2 The Policy applies to all Company personnel, including management, employees, contractors, and any third-party service providers engaged in Client identification or onboarding.
3.3 The main objectives of this Policy are to:
- Ensure that the Company follows reasonable compliance and Client identification practices consistent with its non-custodial advisory nature;
-
- Prevent the use of the Company’s services for ML, TF, or other illicit purposes;
- Establish clear and proportionate procedures for identifying and verifying Clients.
4. Governance and Responsibilities
4.1 The Director of the Company acts as the Responsible Person overseeing compliance with this Policy.
4.2 The Director ensures that the Company maintains internal procedures for proper client identification and for preventing the use of its services for illegal purposes.
4.3 The Company may use automated or third-party verification tools (Approved Verification Tool) to support identity verification
4.4 All employees and contractors involved in Сlient onboarding or advisory activities must be familiar with this Policy, follow the prescribed identification procedures, and immediately escalate any concerns regarding suspicious Сlients to the Director.
5. Know Your Customer Requirements
5.1 The Company implements KYC procedures as part of its Client identification to ensure that each Client is properly verified before establishing a Business Relationship.
5.2 All KYC information shall be verified using Approved Verification Tool or other reliable and independent sources where available.
5.3 Verification shall be proportionate to the nature of the services provided and the information available:
5.3.1 Individuals:
a) Full legal name.
b) Date and place of birth.
c) Valid government-issued photo identification document, such as a passport, national ID card, or residence permit.
d) Proof of residential address issued within the last three (3) months.
e) Contact information, including email address and telephone number.
f) Signature under contractual agreement (e.g., DocuSign)
g) Occupation and SoF and SoW may be requested only under EDD.
5.3.2 Legal Entities. The minimum required documentation for legal entities comprises:
a) Full legal name, registration number, date and place of incorporation, and registered address.
b) Certificate of Incorporation or equivalent registration document.
c) List of directors and authorized representatives with valid identification; list of shareholders and UBO, with ownership percentages;
d) Occupation and SoF and SoW may be requested only under EDD.
5.4 The Company does not accept anonymous, fictitious, or third-party Clients acting on behalf of undisclosed principals.
5.5 In the event of doubt regarding the authenticity of information or documents, onboarding must be suspended until the required information is obtained and verified.
6. Customer Onboarding and Customer Due Diligence
6.1 The objectives of onboarding and CDD are to verify the Client’s identity, understand the general nature of the relationship, and ensure that services are not used for illicit purposes. CDD is applied from the first contact and continues throughout the Business Relationship.
6.2 Levels of due diligence include:
- Standard Due Diligence/SDD - applied to most Clients; includes verification of identity and, where applicable, UBO identification;
- Enhanced Due Diligence/EDD - applied only when a Client presents higher risk (e.g. PEP, complex ownership, high-risk jurisdiction); may include obtaining a brief written confirmation of SoF or SoW and approval by the Director.
6.3 The Company uses an Approved Verification Tool to confirm client identity and perform basic sanctions/PEP screening.
6.4 Onboarding steps include:
a) Collection of identification data and documents.
b) Verification of documents using available tools.
c) Review and approval by the Director.
d) Secure electronic recordkeeping for three (3) years.
6.5 For legal entities the Company must identify and verify all UBO to the natural person who ultimately owns or controls the entity.
6.6 EDD measures, when applied, include obtaining a brief of SoF/SoW and Director approval prior to onboarding. All EDD records are retained electronically for at least three (3) years.
7. Risk Assessment and Risk-Based Approach
7.1 The Company applies a risk-based approach to all its Business Relationships and activities. This approach ensures that Clients presenting higher risk may be subject to EDD, while standard Clients undergo basic identification and verification. The Director retains ultimate responsibility for all compliance decisions.
7.2 Risk assessment is based on information collected during onboarding and, where applicable, internal review at Director’s discretion.
7.3 Risk factors may include:
Categories
Short description
Factors
Customers
Risk stemming from the Client’s identity, legal form, ownership, reputation and behavior;
Natural person vs complex entity; unclear or layered ownership; limited documentation.
Countries or Jurisdictions
Risk arising from the Client’s country of residence, incorporation
High-risk or sanctioned jurisdictions; routing through secrecy jurisdictions.
7.4 The Company applies a risk-based approach, meaning that enhanced scrutiny may be applied where higher risk factors are identified.
7.5 All risk assessments, onboarding files, and EDD materials including SoF/SoW evidence are documented and retained electronically for at least three (3) years.
8. Maintaining Current Customer Information
8.1 The Company maintains accurate and up-to-date information about all Clients throughout the course of the Business Relationship. The purpose of this ongoing due diligence is to ensure that the relationship remains consistent with the Client’s initially declared purpose, risk level, and nature of engagement.
8.2 The Company does not execute or control Client transactions. Ongoing verification focuses on ensuring that Client profiles and ownership structures remain accurate and consistent with information provided during onboarding.
8.3 The Company may request Clients to provide updated identification documents, declarations, or supporting information if new risk factors are identified or existing information becomes outdated.
9. Suspicious Activity Reporting and Reporting Obligations
9.1 All suspicious activity is recorded and handled internally. The Company has no obligation to file external SARs unless specifically required by law.
9.2 All employees must report any unusual or suspicious activity observed in the course of Client interactions.
9.3 Internal reporting steps include:
a) Observation and completion of an internal report (Annex 4) by the employee.
b) The Director or designated Responsible Person reviews the report and determines any appropriate internal action.
9.4 All internal reports are treated as strictly confidential, with access limited to the Director or other authorised personnel.
10. Refusal or Termination of the Business Relationship
10.1 The Company may refuse to establish or may terminate a Business Relationship if:
- The Client or UBO fails to provide required identification or verification information;
- The Client engages in activities that appear inconsistent with the declared purpose of the relationship;
- The Responsible Person or Director determines that continuing the relationship is inappropriate.
10.2 Decisions to refuse or terminate must be documented, including the rationale, supporting information.
10.3 The Company is not required to provide reasons to the Client for refusal or termination.
11. Record Keeping, Data Protection and Confidentiality
11.1 All Client information collected for onboarding and identification purposes is stored electronically.
11.2 Records, including onboarding files, KYC, EDD materials (SoF/SoW), and internal compliance decisions, are retained for at least three (3) years from the end of the Business Relationship.
11.3 Data is stored in secure cloud environments (e.g., Google Drive, Notion) or protected company drives.
11.4 Access to records is strictly limited to the Director and Responsible Person.
11.5 Only information necessary for implementation of this Policy and contractual obligations is collected and retained.
12. Conflicts of Interest
12.1 The Company identifies, manages, and mitigates conflicts of interest to maintain impartiality in advisory services. Conflicts may arise when the Company or its employees have personal, financial, or business interests that could affect objectivity.
12.2 Mitigation measures include:
- Disclosure of potential conflicts to Clients;
- Segregation of duties and decision-making;
- Escalation to the Director;
- Documentation of decisions, rationale, and mitigation measures.
13. Staff Training
13.1 All staff and contractors involved in Client onboarding or advisory services are expected to complete training on the Company’s client identification procedures and internal compliance systems.
13.2 The training is designed to provide knowledge and guidance on:
- Recognising potential Suspicious Activity;
- Reporting obligations and escalation procedures;
- Using Approved Verification Tool tools and internal compliance systems.
13.3 Refresher training is recommended at least annually, or more frequently if required by regulatory updates.
13.4 The Director coordinates and updates the training program and supports staff in understanding and applying internal compliance procedures.
14. Miscellaneous
14.1 This Policy shall be reviewed periodically and updated as necessary to reflect internal procedural changes and best practices in client protection.
14.2 This Policy enters into force on the date of approval by the Company’s Director. All current staff and contractors are bound by its provisions, and all new joiners are subject to its requirements during onboarding.
14.3 Responsibility for implementation, oversight, and maintenance of this Policy rests with the Director, who serves as the central point of contact for questions regarding its application.
14.4 Questions regarding this Policy or internal compliance procedures may be addressed via the official contact email: […]. [IA2]
14.5 This Policy, together with its Annexes, forms the framework for internal compliance. Annexes provide supplementary tools, templates, or reference materials and are maintained by the Company.
14.6 The Policy is made accessible to all staff and distributed during onboarding or when material amendments are introduced, accompanied by explanatory notes and internal guidance.
ANNEX 1 - CLIENT ONBOARDING FORM - BRIEF
Purpose: Capture initial identifiers, business purpose, preliminary SoF/SoW notes, and contractual scope. Feeds the Onboarding workflow and Approved Verification Tool screening.
Client Onboarding Form – Template
1. Intake reference / ID:
______________________________
2. Date and Time:
______________________________
3. Source (referrer, channel, sales):
______________________________
4. Client type:
☐ Individual
☐ Legal Entity
5. Client name or Legal name:
______________________________
6. Country of residence or incorporation:
______________________________
7. Primary contact (name, role, email, tel):
______________________________
8. Proposed Services and Scope:
______________________________
9. Declared Source of Funds or Source of Wealth (only if EDD required):
______________________________
10. Are there any known adverse indicators at intake?
☐ Yes
☐ No
If Yes — brief description:
11. Immediate risk flag:
☐ No Flag
☐ Low
☐ Medium
☐ High
supporting note:
12. Documents requested at intake:
☐ ID / passport
☐ Proof of address
☐ Corporate docs (incorporation, mem/aoa)
☐ List of directors / UBO
☐ SoF / SoW evidence (only if EDD required.)
☐ Power of attorney (if applicable)
13. Assigned to (onboarding owner or compliance reviewer):
______________________________
14. Initial automated screening completed?
☐ Yes
☐ No
Verification Tool report ref:
______________________________
15. Next steps or Notes:
______________________________
ANNEX 2 - SOURCE OF WEALTH DECLARATION FORM
NOTE: Supporting documents attached to this form should be recent and relevant (issued or certified within the last three (3) months). At least one section below must be completed and supported by documentary evidence.
Client name or Legal name:
______________________________
Client reference and Onboarding ID:
______________________________
Date:
______________________________
Declaration
I declare that my accumulated wealth is derived from legitimate sources and is not linked to ML/TF.
Sources are described below (tick all that apply and attach supporting documents).
1. Company capital / Dividends
☐ Applicable
Company name:
______________________________
Registered address:
______________________________
Jurisdiction of registration:
______________________________
Nature of business:
______________________________
Estimated annual profit / dividends
______________________________
Supporting documents (attach): certificate of incorporation, shareholder register, dividend statements, audited accounts, license (if applicable).
2. Income from business / Self-employment
☐ Applicable
Company name / trading name:
______________________________
Nature of business:
______________________________
Jurisdiction:
______________________________
Estimated annual income:
______________________________
Supporting documents (attach): latest audited accounts or management accounts, employer/company confirmation, bank statements showing receipts.
3. Investment income / Gains from investments
☐ Applicable
Type of investment:
______________________________
Amount realised:
______________________________
Date(s) of disposal / redemption:
______________________________
Supporting documents (attach): investment account statements, broker confirmations, bank receipts showing proceeds.
4. Sale / liquidation of assets (property, business, securities)
☐ Applicable
Description of asset sold:
______________________________
Address / identifying details:
______________________________
Date of sale:
______________________________
Sale proceeds:
______________________________
Supporting documents (attach): sale contract, title deed, escrow/settlement statement, bank receipt.
5. Inheritance / Gift
☐ Applicable
Name of donor / deceased:
______________________________
Relationship to you:
______________________________
Date received:
______________________________
Amount/value:
______________________________
Supporting documents (attach): will/probate documents, solicitor’s letter, bank statements.
6. Salary / Employment income
☐ Applicable
Employer name:
______________________________
Position / occupation:
______________________________
Employer address / jurisdiction:
______________________________
Gross annual income:
______________________________
Supporting documents (attach): last 3 payslips, employer confirmation letter, bank statements showing salary credits
7. Pensions / Regular annuities
☐ Applicable
(please complete section 6 where relevant)
Supporting documents (attach): pension statements, bank statements
8. Proceeds from sale of a company / business exit
☐ Applicable
Company name:
______________________________
Nature of transaction / date:
______________________________
Sale proceeds:
______________________________
Supporting documents (attach): sale agreement, solicitor’s confirmation, bank receipt
9. Compensation / Insurance proceeds / Settlements
☐ Applicable
Payer/insurer:
______________________________
Reason for payment:
______________________________
Amount / date:
______________________________
Supporting documents (attach): settlement agreement, insurance payout notice, bank receipt
10. Family support / family business
☐ Applicable
Family member:
______________________________
Relationship:
______________________________
Member’s source of wealth (brief):
______________________________
Supporting documents (attach):
______________________________
11. Other (specify)
☐ Applicable
Describe:
______________________________
Supporting documents (attach):
______________________________
Translations
All supporting documents must be provided in English or accompanied by a certified English translation.
ANNEX 3 - CUSTOMER VERIFICATION PROCEDURES
Purpose: Operational procedures for onboarding and CDD in accordance with Policy.
STEP-BY-STEP PROCEDURES
1. Initial Intake and Risk Flagging
1.1. Capture intake ID, date/time, client type, preliminary SoF/SoW notes (EDD only), risk flag.
1.2. Assign immediate risk flag: No / Low / Medium / High.
1.3. If High or known adverse indicator → escalate directly to Director. Suspend further onboarding until Director instruction.
2. Document Request and Upload
2.1. Individuals: ID/Passport, proof of address ≤3 months, contact info, occupation, SoF/SoW (EDD only), POA if acting for third party.
2.2. Legal Entities: Certificate of Incorporation, constitutional documents, directors list, shareholders/UBO, corporate address ≤3 months, activities description.
2.3. Documents in English or certified translation.
2.4. Upload to Company secure repository.
3. Automated Screening via Approved Verification Tool
3.1. Submit to Approved Verification Tool immediately after upload. Screen for sanctions, PEP, risk scoring.
3.2. Record report reference in client file.
3.3. Critical alerts → escalate and suspend onboarding pending manual review.
4. UBO Identification for Legal Entities
4.1. Collect only company name, registration number, jurisdiction, representative name and ID, UBO name and ownership share.
4.2. Extra documents may be requested only if ownership is unclear or high-risk indicators are present.
4.3. Complex ownership → obtain org chart, shareholder agreements, evidence to trace to natural person.
4.4. Cannot verify UBO → escalate / EDD / decline onboarding.
4.5. Director must approve EDD before onboarding
5. Enhanced Due Diligence (EDD) Procedures
5.1. Trigger: PEP, High-risk jurisdiction, complex ownership, inconsistent documents, adverse media, refusal.
5.2. Actions: Obtain detailed SoF/SoW evidence, Director approval.
5.3. Document all steps in client file.
6. Decision, Record and Access Provisioning
6.1. Options: Approve / Approve with Conditions / Decline / Defer.
6.2. High Risk → Director sign-off required.
6.3. Record decision, rationale, Verification Tool references, and conditions.
6.4. Access granted only after all checks, conditions resolved, contractual/consent steps completed.
ANNEX 4 - SUSPICIOUS ACTIVITY REPORT (SAR) TEMPLATE
Employee Name:
Reporting period:
Description of Client information
Full name / company name, ID number, account ID, onboarding date.
__________________________________________________________________________________________________________________________________________________________
2. Description of the suspicious activity
Detailed factual summary of observed behaviour, transactions, or inconsistencies.
__________________________________________________________________________________________________________________________________________________________
3. Type of suspicion
☐ Money laundering
☐ Terrorist financing
☐ Fraud
☐ Sanctions breach
☐ Other (specify):
__________________________________________________________________________________________________________________________________________________________
4. Trigger
Note any transaction pattern, mismatch of documents, adverse media, refusal to provide information.
__________________________________________________________________________________________________________________________________________________________
5. Value
Specify the сurrency, total value, and number of transactions (if applicable).
__________________________________________________________________________________________________________________________________________________________
6. Supporting evidence
Description or list of attached files, screenshots, communications, etc
__________________________________________________________________________________________________________________________________________________________
7. Steps taken
Any immediate steps before escalation (e.g., temporary hold, verification request
__________________________________________________________________________________________________________________________________________________________
This report contains confidential information intended solely for Compliance and, if applicable, the competent authority
Signature: ____________________
Review: __________________________________________________________________________________________________________________________________________________________
1.1 This Anti-Money Laundering, Counter-Terrorist Financing, and Customer Identification Policy (“Policy”) sets out the approach of WWay Corp. (“the Company”) to basic client identification and compliance procedures in connection with its advisory and consulting services in investment strategy, digital assets, and DeFi infrastructure (the “Service”).
1.2 The Company does not manage, hold, or control Client funds or digital assets. All investment and operational decisions are made solely by the Client.
1.3 The purpose of this Policy is to ensure that all Clients are properly identified and that the Company’s services are not used for illegal or fraudulent purposes, in accordance with reasonable compliance standards applicable to non-custodial advisory firms.
2. Definitions
For the purpose of these Policy, the following capitalized terms shall have the meanings set forth below:
- Client/Customer – means a natural person or a legal entity (including collective investment undertakings, funds, or family offices) which has or intends to have a Business Relationship with the Company;
- Business Relationship – means any contractual cooperation between the Company and the Client that has an element of duration and does not involve management or custody of client funds;
- Beneficial Owner/UBO – a natural person who ultimately owns or controls the Client (legal entity);
- Money Laundering/ML – means:
a) The conversion or transfer of property, knowing that such property is derived from criminal activity, for the purpose of concealing its illicit origin or assisting any person involved to evade legal consequences;
b) The concealment or disguise of the true nature, source, location, disposition, or ownership of property derived from criminal activity;
c) The acquisition, possession, or use of property, knowing that such property is derived from criminal activity;
d) Participation in, association to commit, aiding, abetting, or facilitating any of the above;
- Terrorist Financing/TF – means the provision or collection of funds, directly or indirectly, with the intention or knowledge that they will be used, in whole or in part, to carry out terrorist acts as defined in Article 2 of the International Convention for the Suppression of the Financing of Terrorism (1999);
- Know Your Client/KYC – the process of collecting and verifying basic identification information about the Client or its representatives to confirm identity and lawful origin of funds used for payment;
- Customer Due Diligence/CDD – measures to identify and verify the Client before establishing a business relationship;
- Enhanced Due Diligence/EDD – additional measures required for higher-risk Clients at the Company’s discretion. EDD may be applied internally at the Company’s discretion. It is not a legal requirement and does not automatically lead to rejection of clients;
- Source of Funds(SoF)/Source of Wealth (SoW) – the origin of a Client’s accumulated wealth, including lawful income, investments, or business proceeds, used to establish the legitimacy of funds deployed in the Business Relationship. SoF/SoW is taken as a short client declaration. Supporting documents are requested only if the client is high-risk or if red flags appear;
- Politically Exposed Person/PEP – means the natural persons who are or have been entrusted with Prominent Public Functions and Close Family Members or Close Associates of such persons;
- Suspicious Activity – any behavior or pattern that raises doubts about the legality of funds or identity of the Client and may result in refusal to cooperate;
- AML Provider/Approved Verification Tool – automated or manual ID verification services (e.g., AML-bot, API-based solution) used to confirm client identity.
3. Scope and Objectives of the Policy
3.1 This Policy applies to all activities and services provided by the Company in connection with its advisory and consulting operations.
3.2 The Policy applies to all Company personnel, including management, employees, contractors, and any third-party service providers engaged in Client identification or onboarding.
3.3 The main objectives of this Policy are to:
- Ensure that the Company follows reasonable compliance and Client identification practices consistent with its non-custodial advisory nature;
-
- Prevent the use of the Company’s services for ML, TF, or other illicit purposes;
- Establish clear and proportionate procedures for identifying and verifying Clients.
4. Governance and Responsibilities
4.1 The Director of the Company acts as the Responsible Person overseeing compliance with this Policy.
4.2 The Director ensures that the Company maintains internal procedures for proper client identification and for preventing the use of its services for illegal purposes.
4.3 The Company may use automated or third-party verification tools (Approved Verification Tool) to support identity verification
4.4 All employees and contractors involved in Сlient onboarding or advisory activities must be familiar with this Policy, follow the prescribed identification procedures, and immediately escalate any concerns regarding suspicious Сlients to the Director.
5. Know Your Customer Requirements
5.1 The Company implements KYC procedures as part of its Client identification to ensure that each Client is properly verified before establishing a Business Relationship.
5.2 All KYC information shall be verified using Approved Verification Tool or other reliable and independent sources where available.
5.3 Verification shall be proportionate to the nature of the services provided and the information available:
5.3.1 Individuals:
a) Full legal name.
b) Date and place of birth.
c) Valid government-issued photo identification document, such as a passport, national ID card, or residence permit.
d) Proof of residential address issued within the last three (3) months.
e) Contact information, including email address and telephone number.
f) Signature under contractual agreement (e.g., DocuSign)
g) Occupation and SoF and SoW may be requested only under EDD.
5.3.2 Legal Entities. The minimum required documentation for legal entities comprises:
a) Full legal name, registration number, date and place of incorporation, and registered address.
b) Certificate of Incorporation or equivalent registration document.
c) List of directors and authorized representatives with valid identification; list of shareholders and UBO, with ownership percentages;
d) Occupation and SoF and SoW may be requested only under EDD.
5.4 The Company does not accept anonymous, fictitious, or third-party Clients acting on behalf of undisclosed principals.
5.5 In the event of doubt regarding the authenticity of information or documents, onboarding must be suspended until the required information is obtained and verified.
6. Customer Onboarding and Customer Due Diligence
6.1 The objectives of onboarding and CDD are to verify the Client’s identity, understand the general nature of the relationship, and ensure that services are not used for illicit purposes. CDD is applied from the first contact and continues throughout the Business Relationship.
6.2 Levels of due diligence include:
- Standard Due Diligence/SDD - applied to most Clients; includes verification of identity and, where applicable, UBO identification;
- Enhanced Due Diligence/EDD - applied only when a Client presents higher risk (e.g. PEP, complex ownership, high-risk jurisdiction); may include obtaining a brief written confirmation of SoF or SoW and approval by the Director.
6.3 The Company uses an Approved Verification Tool to confirm client identity and perform basic sanctions/PEP screening.
6.4 Onboarding steps include:
a) Collection of identification data and documents.
b) Verification of documents using available tools.
c) Review and approval by the Director.
d) Secure electronic recordkeeping for three (3) years.
6.5 For legal entities the Company must identify and verify all UBO to the natural person who ultimately owns or controls the entity.
6.6 EDD measures, when applied, include obtaining a brief of SoF/SoW and Director approval prior to onboarding. All EDD records are retained electronically for at least three (3) years.
7. Risk Assessment and Risk-Based Approach
7.1 The Company applies a risk-based approach to all its Business Relationships and activities. This approach ensures that Clients presenting higher risk may be subject to EDD, while standard Clients undergo basic identification and verification. The Director retains ultimate responsibility for all compliance decisions.
7.2 Risk assessment is based on information collected during onboarding and, where applicable, internal review at Director’s discretion.
7.3 Risk factors may include:
Categories
Short description
Factors
Customers
Risk stemming from the Client’s identity, legal form, ownership, reputation and behavior;
Natural person vs complex entity; unclear or layered ownership; limited documentation.
Countries or Jurisdictions
Risk arising from the Client’s country of residence, incorporation
High-risk or sanctioned jurisdictions; routing through secrecy jurisdictions.
7.4 The Company applies a risk-based approach, meaning that enhanced scrutiny may be applied where higher risk factors are identified.
7.5 All risk assessments, onboarding files, and EDD materials including SoF/SoW evidence are documented and retained electronically for at least three (3) years.
8. Maintaining Current Customer Information
8.1 The Company maintains accurate and up-to-date information about all Clients throughout the course of the Business Relationship. The purpose of this ongoing due diligence is to ensure that the relationship remains consistent with the Client’s initially declared purpose, risk level, and nature of engagement.
8.2 The Company does not execute or control Client transactions. Ongoing verification focuses on ensuring that Client profiles and ownership structures remain accurate and consistent with information provided during onboarding.
8.3 The Company may request Clients to provide updated identification documents, declarations, or supporting information if new risk factors are identified or existing information becomes outdated.
9. Suspicious Activity Reporting and Reporting Obligations
9.1 All suspicious activity is recorded and handled internally. The Company has no obligation to file external SARs unless specifically required by law.
9.2 All employees must report any unusual or suspicious activity observed in the course of Client interactions.
9.3 Internal reporting steps include:
a) Observation and completion of an internal report (Annex 4) by the employee.
b) The Director or designated Responsible Person reviews the report and determines any appropriate internal action.
9.4 All internal reports are treated as strictly confidential, with access limited to the Director or other authorised personnel.
10. Refusal or Termination of the Business Relationship
10.1 The Company may refuse to establish or may terminate a Business Relationship if:
- The Client or UBO fails to provide required identification or verification information;
- The Client engages in activities that appear inconsistent with the declared purpose of the relationship;
- The Responsible Person or Director determines that continuing the relationship is inappropriate.
10.2 Decisions to refuse or terminate must be documented, including the rationale, supporting information.
10.3 The Company is not required to provide reasons to the Client for refusal or termination.
11. Record Keeping, Data Protection and Confidentiality
11.1 All Client information collected for onboarding and identification purposes is stored electronically.
11.2 Records, including onboarding files, KYC, EDD materials (SoF/SoW), and internal compliance decisions, are retained for at least three (3) years from the end of the Business Relationship.
11.3 Data is stored in secure cloud environments (e.g., Google Drive, Notion) or protected company drives.
11.4 Access to records is strictly limited to the Director and Responsible Person.
11.5 Only information necessary for implementation of this Policy and contractual obligations is collected and retained.
12. Conflicts of Interest
12.1 The Company identifies, manages, and mitigates conflicts of interest to maintain impartiality in advisory services. Conflicts may arise when the Company or its employees have personal, financial, or business interests that could affect objectivity.
12.2 Mitigation measures include:
- Disclosure of potential conflicts to Clients;
- Segregation of duties and decision-making;
- Escalation to the Director;
- Documentation of decisions, rationale, and mitigation measures.
13. Staff Training
13.1 All staff and contractors involved in Client onboarding or advisory services are expected to complete training on the Company’s client identification procedures and internal compliance systems.
13.2 The training is designed to provide knowledge and guidance on:
- Recognising potential Suspicious Activity;
- Reporting obligations and escalation procedures;
- Using Approved Verification Tool tools and internal compliance systems.
13.3 Refresher training is recommended at least annually, or more frequently if required by regulatory updates.
13.4 The Director coordinates and updates the training program and supports staff in understanding and applying internal compliance procedures.
14. Miscellaneous
14.1 This Policy shall be reviewed periodically and updated as necessary to reflect internal procedural changes and best practices in client protection.
14.2 This Policy enters into force on the date of approval by the Company’s Director. All current staff and contractors are bound by its provisions, and all new joiners are subject to its requirements during onboarding.
14.3 Responsibility for implementation, oversight, and maintenance of this Policy rests with the Director, who serves as the central point of contact for questions regarding its application.
14.4 Questions regarding this Policy or internal compliance procedures may be addressed via the official contact email: […]. [IA2]
14.5 This Policy, together with its Annexes, forms the framework for internal compliance. Annexes provide supplementary tools, templates, or reference materials and are maintained by the Company.
14.6 The Policy is made accessible to all staff and distributed during onboarding or when material amendments are introduced, accompanied by explanatory notes and internal guidance.
ANNEX 1 - CLIENT ONBOARDING FORM - BRIEF
Purpose: Capture initial identifiers, business purpose, preliminary SoF/SoW notes, and contractual scope. Feeds the Onboarding workflow and Approved Verification Tool screening.
Client Onboarding Form – Template
1. Intake reference / ID:
______________________________
2. Date and Time:
______________________________
3. Source (referrer, channel, sales):
______________________________
4. Client type:
☐ Individual
☐ Legal Entity
5. Client name or Legal name:
______________________________
6. Country of residence or incorporation:
______________________________
7. Primary contact (name, role, email, tel):
______________________________
8. Proposed Services and Scope:
______________________________
9. Declared Source of Funds or Source of Wealth (only if EDD required):
______________________________
10. Are there any known adverse indicators at intake?
☐ Yes
☐ No
If Yes — brief description:
11. Immediate risk flag:
☐ No Flag
☐ Low
☐ Medium
☐ High
supporting note:
12. Documents requested at intake:
☐ ID / passport
☐ Proof of address
☐ Corporate docs (incorporation, mem/aoa)
☐ List of directors / UBO
☐ SoF / SoW evidence (only if EDD required.)
☐ Power of attorney (if applicable)
13. Assigned to (onboarding owner or compliance reviewer):
______________________________
14. Initial automated screening completed?
☐ Yes
☐ No
Verification Tool report ref:
______________________________
15. Next steps or Notes:
______________________________
ANNEX 2 - SOURCE OF WEALTH DECLARATION FORM
NOTE: Supporting documents attached to this form should be recent and relevant (issued or certified within the last three (3) months). At least one section below must be completed and supported by documentary evidence.
Client name or Legal name:
______________________________
Client reference and Onboarding ID:
______________________________
Date:
______________________________
Declaration
I declare that my accumulated wealth is derived from legitimate sources and is not linked to ML/TF.
Sources are described below (tick all that apply and attach supporting documents).
1. Company capital / Dividends
☐ Applicable
Company name:
______________________________
Registered address:
______________________________
Jurisdiction of registration:
______________________________
Nature of business:
______________________________
Estimated annual profit / dividends
______________________________
Supporting documents (attach): certificate of incorporation, shareholder register, dividend statements, audited accounts, license (if applicable).
2. Income from business / Self-employment
☐ Applicable
Company name / trading name:
______________________________
Nature of business:
______________________________
Jurisdiction:
______________________________
Estimated annual income:
______________________________
Supporting documents (attach): latest audited accounts or management accounts, employer/company confirmation, bank statements showing receipts.
3. Investment income / Gains from investments
☐ Applicable
Type of investment:
______________________________
Amount realised:
______________________________
Date(s) of disposal / redemption:
______________________________
Supporting documents (attach): investment account statements, broker confirmations, bank receipts showing proceeds.
4. Sale / liquidation of assets (property, business, securities)
☐ Applicable
Description of asset sold:
______________________________
Address / identifying details:
______________________________
Date of sale:
______________________________
Sale proceeds:
______________________________
Supporting documents (attach): sale contract, title deed, escrow/settlement statement, bank receipt.
5. Inheritance / Gift
☐ Applicable
Name of donor / deceased:
______________________________
Relationship to you:
______________________________
Date received:
______________________________
Amount/value:
______________________________
Supporting documents (attach): will/probate documents, solicitor’s letter, bank statements.
6. Salary / Employment income
☐ Applicable
Employer name:
______________________________
Position / occupation:
______________________________
Employer address / jurisdiction:
______________________________
Gross annual income:
______________________________
Supporting documents (attach): last 3 payslips, employer confirmation letter, bank statements showing salary credits
7. Pensions / Regular annuities
☐ Applicable
(please complete section 6 where relevant)
Supporting documents (attach): pension statements, bank statements
8. Proceeds from sale of a company / business exit
☐ Applicable
Company name:
______________________________
Nature of transaction / date:
______________________________
Sale proceeds:
______________________________
Supporting documents (attach): sale agreement, solicitor’s confirmation, bank receipt
9. Compensation / Insurance proceeds / Settlements
☐ Applicable
Payer/insurer:
______________________________
Reason for payment:
______________________________
Amount / date:
______________________________
Supporting documents (attach): settlement agreement, insurance payout notice, bank receipt
10. Family support / family business
☐ Applicable
Family member:
______________________________
Relationship:
______________________________
Member’s source of wealth (brief):
______________________________
Supporting documents (attach):
______________________________
11. Other (specify)
☐ Applicable
Describe:
______________________________
Supporting documents (attach):
______________________________
Translations
All supporting documents must be provided in English or accompanied by a certified English translation.
ANNEX 3 - CUSTOMER VERIFICATION PROCEDURES
Purpose: Operational procedures for onboarding and CDD in accordance with Policy.
STEP-BY-STEP PROCEDURES
1. Initial Intake and Risk Flagging
1.1. Capture intake ID, date/time, client type, preliminary SoF/SoW notes (EDD only), risk flag.
1.2. Assign immediate risk flag: No / Low / Medium / High.
1.3. If High or known adverse indicator → escalate directly to Director. Suspend further onboarding until Director instruction.
2. Document Request and Upload
2.1. Individuals: ID/Passport, proof of address ≤3 months, contact info, occupation, SoF/SoW (EDD only), POA if acting for third party.
2.2. Legal Entities: Certificate of Incorporation, constitutional documents, directors list, shareholders/UBO, corporate address ≤3 months, activities description.
2.3. Documents in English or certified translation.
2.4. Upload to Company secure repository.
3. Automated Screening via Approved Verification Tool
3.1. Submit to Approved Verification Tool immediately after upload. Screen for sanctions, PEP, risk scoring.
3.2. Record report reference in client file.
3.3. Critical alerts → escalate and suspend onboarding pending manual review.
4. UBO Identification for Legal Entities
4.1. Collect only company name, registration number, jurisdiction, representative name and ID, UBO name and ownership share.
4.2. Extra documents may be requested only if ownership is unclear or high-risk indicators are present.
4.3. Complex ownership → obtain org chart, shareholder agreements, evidence to trace to natural person.
4.4. Cannot verify UBO → escalate / EDD / decline onboarding.
4.5. Director must approve EDD before onboarding
5. Enhanced Due Diligence (EDD) Procedures
5.1. Trigger: PEP, High-risk jurisdiction, complex ownership, inconsistent documents, adverse media, refusal.
5.2. Actions: Obtain detailed SoF/SoW evidence, Director approval.
5.3. Document all steps in client file.
6. Decision, Record and Access Provisioning
6.1. Options: Approve / Approve with Conditions / Decline / Defer.
6.2. High Risk → Director sign-off required.
6.3. Record decision, rationale, Verification Tool references, and conditions.
6.4. Access granted only after all checks, conditions resolved, contractual/consent steps completed.
ANNEX 4 - SUSPICIOUS ACTIVITY REPORT (SAR) TEMPLATE
Employee Name:
Reporting period:
Description of Client information
Full name / company name, ID number, account ID, onboarding date.
__________________________________________________________________________________________________________________________________________________________
2. Description of the suspicious activity
Detailed factual summary of observed behaviour, transactions, or inconsistencies.
__________________________________________________________________________________________________________________________________________________________
3. Type of suspicion
☐ Money laundering
☐ Terrorist financing
☐ Fraud
☐ Sanctions breach
☐ Other (specify):
__________________________________________________________________________________________________________________________________________________________
4. Trigger
Note any transaction pattern, mismatch of documents, adverse media, refusal to provide information.
__________________________________________________________________________________________________________________________________________________________
5. Value
Specify the сurrency, total value, and number of transactions (if applicable).
__________________________________________________________________________________________________________________________________________________________
6. Supporting evidence
Description or list of attached files, screenshots, communications, etc
__________________________________________________________________________________________________________________________________________________________
7. Steps taken
Any immediate steps before escalation (e.g., temporary hold, verification request
__________________________________________________________________________________________________________________________________________________________
This report contains confidential information intended solely for Compliance and, if applicable, the competent authority
Signature: ____________________
Review: __________________________________________________________________________________________________________________________________________________________