Anti Money Laundering Compliance Policy

Introduction

This Anti Money Laundering Compliance Policy of Paynnacle Solutions Ltd., the Company registered in Canada, province Ontario, under registration number 1000805334 (the “Company” or “we”) governs the Company’s principles and standards to prevent money laundering, to combat terrorism, and financial crime. Paynnacle Solutions Ltd. fulfils legal obligations as required by the Canadian Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and other applicable rules and regulations connected to anti-money laundering and counter-terrorist financing (“AML/CTF”) obligations.

This AML Policy explains the basic current principles of anti-money laundering and counter-terrorist financing obligations and provides answers and explanations on PCMLTFA’s definition of transaction types, reporting requirements, client information and record keeping.

As a money service business in Canada, the Company ensures it is fully compliant with Canadian legislation to combat money laundering and terrorism. The Company respects and adheres to the international, foreign, and domestic laws applicable to its business.

We have other internal policies on this subject matter.

The term “money laundering” evolved to illustrate illegal and criminal activities when individual attempts to hide the original source of money or assets gained from various illicit activities, such as bribery, tax evasion, fraud.

2. Money Laundering Reporting Officer (MLRO)

• 2.1. The Money Laundering Reporting Officer (MLRO) is the Company’s employee responsible for overseeing all activities related to anti-money laundering (AML) matters. The MLRO ensures that the Company remains compliant with applicable laws and effectively manages risks associated with money laundering and terrorism financing.
• 2.2. The responsibilities of the MLRO include:
• 2.2.1. Receiving disclosures from employees, also known as Suspicious Transaction Reports (STRs);
• 2.2.2. Deciding whether disclosures should be reported to the Financial Transactions and Reports Analysis Centre (FINTRAC), the Royal Canadian Mounted Police (RCMP), or the Canadian Security Intelligence Service (CSIS);
• 2.2.3. Reviewing all new laws and assessing their impact on the Company's operational processes;
• 2.2.4. Preparing a written procedures manual and making it available to all employees and other stakeholders;
• 2.2.5. Ensuring that appropriate due diligence is conducted on clients and business partners;
• 2.2.6. Receiving internal Suspicious Transaction Reports (STRs) from employees;
• 2.2.7. Deciding which internal STRs need to be reported to FINTRAC, RCMP, or CSIS;
• 2.2.8. Properly recording all decisions related to STRs;
• 2.2.9. Ensuring that employees receive anti-financial crime training upon joining the Company and regular refresher training thereafter;
• 2.2.10. Monitoring business relationships and documenting reviews and decisions taken;
• 2.2.11. Making decisions about continuing or terminating trading activity with specific clients;
• 2.2.12. Ensuring that all business records are retained for at least five years from the date of the last client transaction, in accordance with FINTRAC regulations.

3. Customer Identification and Verification

• 3.1. The Company has implemented structured onboarding procedures for both private individuals and legal entities to ensure compliance with local laws and regulations. These onboarding requirements are tailored to the type of client and the business services offered.
• 3.2. To facilitate a smooth and legally compliant client onboarding process, the Company must gather comprehensive information about prospective clients to conduct an accurate risk assessment. The client enrollment procedures are essential for verifying client identities, which form a cornerstone of Canada's Anti-Money Laundering and Anti-Terrorist Financing framework, and are a fundamental aspect of the Company's client relationships.
• 3.3. Clients are required to complete an application form and provide a checklist of documents pertinent to their profile, whether individual or corporate.
• 3.4. The Company uses SumSub verification, through which clients undergo identity verification. SumSub conducts verification and identification of remote clients on behalf of the Company in accordance with the service agreement, Canadian legislation, and global regulatory standards.
• 3.5. SumSub assesses whether the user's attributes, such as geolocation, device signature, email address, or mobile phone, have any association with fraudulent activity in the past or currently exhibit suspicious behavioural patterns. It also compares the features of the identification document against known characteristics and security features to ensure authenticity.
• 3.6. Screening involves comparing client information with third-party data to achieve risk management objectives. This includes both structured data, such as sanctions lists and politically exposed persons (PEPs), and unstructured data, such as adverse media.
• 3.7. During account creation, clients must provide identification documents, such as passport copies, identity cards, and residence/work permits. Clients must also provide address verification documents, such as utility bills, telephone bills, bank statements, or credit card bills dated within the last six months.
• 3.8. Every client is required to complete and sign an application form detailing their personal information, occupation, and the purpose and intended use of the account.
• 3.9. Some clients, classified as high risk or PEPs, may be subject to Enhanced Due Diligence (EDD). This may entail providing additional documents, such as a selfie with ID, a resume, a source of wealth/funds declaration, and participation in a live video chat session if necessary.
• 3.10. Legal entities must furnish corporate documents, including a Certificate of Incorporation, Memorandum/Articles of Association, Registers of Directors/Shareholders, Certificate of Incumbency, and applicable licences.
• 3.11. Legal entities are also required to provide identification and address proof for shareholders, directors, and Ultimate Beneficial Owners (UBOs).
• 3.12. Legal entities subject to EDD must provide additional documents, such as proof of business address, audited financial statements, a source of wealth/funds declaration, a UBO declaration, and may be asked to participate in a live video chat session.

4. Record Keeping

• 4.1. The Company is committed to maintaining detailed records as required by law to ensure compliance and to help prevent, detect, and investigate money laundering and terrorist financing activities.
• 4.2. The Company records the following types of information:
• 4.2.1. Transaction records - documentation of all transactions carried out by clients, including details such as the amount, date, and purpose of each transaction;
• 4.2.2. Report submissions - records of all reports submitted to regulatory authorities, including Suspicious Transaction Reports (STRs);
• 4.2.3. Internal documentation - internal records and reports related to compliance activities, risk assessments, and decisions made in relation to client activities;
• 4.2.4. Client Information - records of client transactions, due diligence, details of client identification, and the purposes of business relationships. These records include essential details such as names, addresses, dates of birth, occupations, and for entities, the nature of their principal business.
• 4.3. All documents and records will be retained throughout the business relationship and for at least five years thereafter.

5. Suspicious Transaction Reporting

• 5.1. The ongoing monitoring of business relationships is essential to identifying suspicious transactions that require reporting to FINTRAC. This process also ensures the accuracy of client identification information, reassesses the risk level associated with client profiles, and maintains a comprehensive understanding of clients' identities and activities to effectively assess money laundering risks and maintain accurate records.
• 5.2. The Company uses reputable service providers offering screening software to conduct daily client screenings and promptly notify the Company of any detected matches. Every client and directly related parties are registered in the software's database during the onboarding process.
• 5.3. Before authorising or finalising transactions flagged by the monitoring system, the Transaction Monitoring Officer will verify their alignment with the Client's stated activities. Monitoring of client transactions is conducted to ensure conformity with expected activities, enabling the detection and scrutiny of potential money laundering indicators, and allowing for prompt action on any changes that may necessitate a reassessment of money laundering risk.
• 5.4. The Company may request various documents from the Client, such as sources of funds/wealth, proof of employment, business details, and transaction history, to support this monitoring process.
• 5.5. Systems and controls implemented by the Company must align with the money laundering and terrorist financing (ML/TF) risks faced by the Company.

6. Training and Awareness

• 6.1. All individuals within the Company who interact with clients, observe client transaction activity, handle fund transactions, or are responsible for implementing and overseeing the compliance regime are required to complete a training program to learn and understand their obligations.
• 6.2. All new employees who communicate with clients must complete the training within three months of their employment start date. Other employees are trained annually, or more frequently if there are changes in legislation or new policies.
• 6.3. The training program provides all employees with an understanding of the money laundering process, the laws and regulations that criminalise it, and the responsibilities of employees to help detect and prevent such activities.
• 6.4. The training on Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) issues raises awareness of financial crime risks, global laws and regulations, as well as those specifically applicable to the Company.
• 6.5. Training is delivered annually, with additional sessions provided regularly based on changes in government regulations and the Company’s compliance program requirements.
• 6.6. The training program includes a record of each training session, detailing the date the training took place, a list of attendees, and the topics covered. The Company will retain employee training records for at least three years after each training session is completed.

7. Risk Assessment

• 7.1. As part of its risk assessment process, the Company conducts a thorough evaluation of its business, clients, and business relationships at least every two years. This assessment aims to identify areas that may be vulnerable to exploitation by criminals for money laundering or terrorist financing (ML/TF) activities.
• 7.2. The risk is assessed in accordance with the Company’s Risk Scoring methodology. The assessment considers potential vulnerabilities, including weak internal controls and the offering of high-risk products and services.
• 7.3. The scope of the risk assessment encompasses various factors, including the nature, size, and complexity of the organisation; the products and services offered; target markets; exposure to high-risk clients; jurisdictional considerations; distribution channels; and transaction volume and size compared to historical data.
• 7.4. Additionally, the risk assessment includes evaluations of the Company’s systems, compliance measures, audit findings, and regulatory reviews.

8. Reporting

• 8.1. The Company is responsible for reporting the following types of transactions and activities:
• 8.1.1. Suspicious transactions;
• 8.1.2. Large cash transactions;
• 8.1.3. Terrorist property;
• 8.1.4. Electronic funds transfers;
• 8.1.5. Large virtual currency transactions.
• 8.2. The Company will submit a Terrorist Property Report (TPR) to FINTRAC, detailing all property in its possession or control that the Company has reason to believe is owned, held, or controlled by or on behalf of a terrorist group or listed terrorist person.
• 8.3. The Company will report each transaction where it receives an amount of CAD 10,000 or more in cash during a single transaction. Each such transaction will be reported to FINTRAC individually.
• 8.4. The Company will also report situations where the aggregate of multiple transactions within a 24-hour period, conducted by or on behalf of the same person, entity, or beneficiary, is equal to or greater than CAD 10,000.

9. Review and Update of Policy

• 9.1. This Policy, along with other related guidelines, shall be reviewed and updated at least once every two years to ensure it meets the highest standards and complies with local, regional, and international regulatory requirements.
• 9.2. Regular reviews may result in updates to the Company’s obligations, particularly concerning Know Your Customer (KYC) and Know Your Business (KYB) procedures, to ensure ongoing compliance.

10. Contact Information

• 10.1. For any questions or concerns regarding this AML Policy, please contact the AML Compliance Officer at [email protected].