top of page
← Back to Legal

AML/CFT Policy

  1. Introduction Shipfinex FZCO (‘Shipfinex’) is dedicated to adhering to the highest standards of Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) compliance. This policy establishes a comprehensive framework, procedures, and responsibilities designed to prevent, detect, and report activities related to money laundering and terrorist financing. Shipfinex operates in full compliance with all applicable AML/CFT laws and regulations, including those mandated by the Virtual Assets Regulatory Authority (VARA) and other relevant regulatory bodies, ensuring a secure and transparent operational environment for all stakeholders.

  2. Key Definitions

    1. Anti-Money Laundering (AML): Policies, procedures, and controls designed to prevent and detect money laundering activities.

    2. Counter Financing of Terrorism (CFT): Measures to prevent and combat the financing of terrorism.

    3. Customer Due Diligence (CDD): Procedures to identify and verify the identity of customers.

    4. Enhanced Due Diligence (EDD): Additional scrutiny applied to higher-risk customers or transactions.

    5. Politically Exposed Persons (PEPs): Individuals who are or have been entrusted with prominent public functions and their immediate family members and close associates.

    6. Suspicious Transaction Report (STR): A report made by financial institutions about suspicious or potentially suspicious activity.

    7. Money Laundering Reporting Officer (MLRO): An individual appointed to oversee and ensure compliance with AML/CFT regulations.

  3. Principles, Objectives and Scope The purpose of this policy is to establish the principles and procedures that Shipfinex FZCO follows to detect, prevent, and report money laundering and terrorist financing activities. This policy applies to all employees, officers, directors, and third parties acting on behalf of Shipfinex. It ensures compliance with all applicable AML/CFT laws and regulations, including those set by the Virtual Assets Regulatory Authority (VARA). The policy is regularly reviewed and audited for effectiveness, with the MLRO responsible for maintaining and updating it as needed.

    This policy is developed in line with the requirements stipulated in the VARA Compliance and Risk Management Rulebook, Part III.

  4. Roles and Responsibilities To ensure the effective implementation and oversight of the Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) policy, Shipfinex has clearly defined roles and responsibilities for all levels of the organisation. These roles are essential in maintaining compliance with all applicable AML/CFT laws and regulations, particularly those outlined by the Virtual Assets Regulatory Authority (VARA).

    1. Board of Directors

      1. Ensure that the AML/CFT policy is effectively implemented across all levels of the organisation.

      2. Provide strategic oversight and support to the Money Laundering Reporting Officer (MLRO).

      3. Review and approve the AML/CFT policy on an annual basis, ensuring it remains up-to-date with regulatory changes and best practices.

    2. Senior Management

      1. Assist the MLRO in implementing the AML/CFT program by ensuring that adequate resources are allocated to compliance efforts.

      2. Promote a strong culture of compliance within the organisation by setting the tone from the top.

      3. Ensure that all employees are aware of and adhere to the AML/CFT policies and procedures.

    3. Money Laundering Reporting Officer (MLRO)

      1. Oversee the implementation and effectiveness of the AML/CFT program, ensuring all operations comply with relevant regulations.

      2. Ensure the Board and staff receive proper training on AML/CFT laws, particularly those relevant to Virtual Asset (VA) activities.

      3. Develop and implement AML/CFT policies and procedures in line with regulatory guidelines.

      4. Conduct risk assessments and update policies to address identified AML/CFT risks.

      5. Monitor and report suspicious transactions, ensuring compliance with Federal AML/CFT laws.

      6. Take corrective actions in response to non-compliance and report regularly to the Board on the effectiveness of AML/CFT measures.

      7. Provide quarterly reports to the Board, including summaries of anonymity-enhanced transactions, and ensure these reports are available to VARA upon request.

      8. Conduct internal audits to assess the effectiveness of AML/CFT systems and controls.

      9. Remain accountable for all AML/CFT activities, even if delegated, ensuring full compliance with outsourcing management requirements.

      When appointing a Money Laundering Reporting Officer (MLRO), Shipfinex ensures that the individual has at least two years of experience in handling AML/CFT matters and is deemed a Fit and Proper Person for the role. The appointment is reviewed annually to confirm the MLRO's continued capability to perform all relevant duties effectively. Shipfinex acknowledges VARA's authority to request evidence of these qualifications and considers compliance with the applicable regulations as a critical factor in maintaining the MLRO's Fit and Proper status.

    4. Compliance Department

      1. Conduct comprehensive customer due diligence and ongoing monitoring to ensure compliance with AML/CFT regulations.

      2. Investigate any suspicious activities and file Suspicious Activity Reports (SARs) as required.

      3. Maintain detailed records of all AML/CFT activities, ensuring they are easily accessible for regulatory review.

    5. All Employees

      1. Adhere to the AML/CFT policies and procedures outlined by Shipfinex.

      2. Report any suspicious activities or transactions to the MLRO promptly.

      3. Participate actively in all AML/CFT training programs to stay informed on compliance requirements.

      These roles and responsibilities ensure that Shipfinex’s AML/CFT policy is effectively implemented, maintained, and continuously improved to meet the evolving regulatory landscape.

  5. AML/CFT Governance and Regulatory Framework

    Shipfinex is committed to a robust Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) framework, ensuring compliance with all relevant laws and regulations. This policy outlines the governance structure and regulatory framework guiding Shipfinex’s efforts to detect, prevent, and report money laundering and terrorist financing activities.

    1. Governance Structure: The governance of Shipfinex’s AML/CFT program is overseen by the Board of Directors and Senior Management, who ensure the effectiveness of the internal control system. The Money Laundering Reporting Officer (MLRO) plays a central role in implementing AML/CFT controls, reporting to senior management, and conducting regular audits and training.

    2. Regulatory Framework: Shipfinex’s AML/CFT policy aligns with the following laws and regulations:

      1. Federal AML-CFT Laws

      2. FATF Standards and Reviews:

        1. 12-Month Review of the Revised FATF Standards on Virtual Assets and VASPs (June 2020).

        2. Second 12-Month Review of the Revised FATF Standards on Virtual Assets and VASPs (July 2021).

        3. Updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs (October 2021).

        4. International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation (March 2022).

      3. Cabinet Resolution No. 74 of 2020: Related to the Terrorist List System and the Implementation of Security Council Resolutions.

      4. UAE Executive Office for Control & Non-Proliferation (EOCN) Guidance (March 2022): On Counter Proliferation Financing for FIs, DNFBPs, and VASPs.

      5. EOCN’s Local Terrorist List: As may be amended from time to time.

      6. Other Applicable Laws and Regulations: As promulgated by VARA, UAE federal bodies, FATF, or the Middle East and North Africa Financial Action Task Force.

    3. Risk-Based Approach (RBA): Shipfinex employs a risk-based approach to allocate resources efficiently, focusing on higher-risk areas. This includes:

      1. Prohibiting transactions under anonymous or fictitious names.

      2. Complying with directives for implementing UN Security Council Resolutions related to the suppression and combating of terrorism, terrorist financing, and the proliferation of weapons of mass destruction and its financing, along with compliance with all other applicable laws, regulatory requirements, and guidelines related to economic sanctions.

      3. Maintaining comprehensive transaction records, whether local or international, for regulatory review.

      4. Ensuring compliance with all AML/CFT requirements as stipulated by relevant authorities.

    4. Screening and Monitoring Procedures: Shipfinex has implemented screening procedures for clients, UBOs, Virtual Asset transactions, and VA Wallet addresses, which are further detailed in this policy. These procedures aim to:

      1. Identify potential illicit activities and adverse information.

      2. Alert operations and compliance teams to impose relevant restrictions and conduct further investigations when necessary.

    5. Third-Party Validation: All AML/CFT policies and procedures are attested by a competent third party and submitted to VARA during the licensing process.

    This comprehensive governance and regulatory framework ensures that Shipfinex remains compliant with all applicable AML/CFT laws and regulations, thereby safeguarding the integrity of its operations in the virtual asset sector


  6. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) Shipfinex's Customer Due Diligence (CDD) process is integral to identifying and verifying the identity of clients to prevent the misuse of its platform for money laundering, terrorist financing, or other illicit activities. This process is conducted using a risk-based approach and is essential before establishing any business relationship or executing transactions.

    1. Components of CDD:

      1. Client Identification and Verification (ID&V):

        1. Collection and Verification: Shipfinex gathers and verifies client identities using reliable sources, such as government-issued IDs, passports, or electronic verification methods. This includes identifying Ultimate Beneficial Owners (UBOs) and understanding the ownership and control structure.

        2. Sanctions and PEP Screening: All clients and related parties are screened against domestic and international sanctions lists, as well as checked for Politically Exposed Persons (PEPs). Approval from the MLRO and senior management is required before engaging with PEPs.

      2. Know Your Client (KYC):

        1. Information Gathering: Collect detailed information on the client’s business activity, ownership structure, country of operation, source of wealth (SoW), and source of funds (SoF). This helps build a comprehensive client profile.

        2. Purpose Determination: Understand the intended purpose of the business relationship and ensure it aligns with the client’s declared intentions.

      3. Enhanced Due Diligence (EDD):

        1. Application for High-Risk Clients: EDD is implemented for high-risk clients, involving more rigorous verification processes, including additional documentary evidence, frequent reviews, and enhanced transaction monitoring.

        2. In-Depth Verification: For high-risk clients, verify the source of wealth, funds, and address through additional documentation and internet searches to corroborate the client's transaction profile.

      4. Ongoing Monitoring and Review:

        1. Continuous Monitoring: Regular monitoring of all transactions ensures they align with the client’s profile and declared activity. This is particularly stringent for high-risk clients.

        2. Periodic and Event-Driven Reviews: Shipfinex conducts periodic reviews of client risk profiles, with high-risk clients undergoing more frequent assessments. Event-driven reviews are triggered by significant changes in the client’s circumstances, such as a surge in transaction volume or new jurisdiction involvement.

      5. Client Exit Process:

        1. Termination Procedures: If CDD cannot be completed or if identified risks cannot be mitigated, Shipfinex terminates the business relationship. Clients are added to an internal blacklist to prevent re-onboarding.

      6. Customer Due Diligence 

        Shipfinex’s CDD process is critical for verifying customer identities and assessing associated risks, ensuring compliance with AML/CFT regulations. The CDD measures are mandatory and must be undertaken in various circumstances, ensuring that all business relationships and transactions are appropriately scrutinised.

    2. Circumstances Requiring CDD:

      1. Establishing a Business Relationship: CDD is mandatory when initiating a business relationship with a client for services related to Virtual Asset (VA) activities. This includes collecting and verifying customer information to ensure compliance with AML/CFT requirements.

      2. Occasional Transactions: CDD must be performed when executing occasional transactions on behalf of a client, where the transaction amount equals or exceeds AED 3,500. This applies whether the transaction is a single occurrence or part of several linked transactions.

      3. Suspicious Transaction Instructions: If a client instructs Shipfinex to handle a potential suspicious transaction, CDD measures must be applied to assess and mitigate any associated risks.

      4. Doubts About Previously Obtained Information: CDD must be re-conducted if there are doubts about the veracity or adequacy of previously collected client identification information. This ensures that all data is accurate and up-to-date.

      5. High-Risk Transactions: Any transaction involving high-risk clients, as characterised under the Federal AML-CFT Laws, requires the application of CDD measures to ensure that the risks are effectively managed

    3. Ongoing Supervision of Business Relationships:

      1. Transaction Auditing: Shipfinex audits all transactions throughout the business relationship to ensure consistency with the client's profile and risk assessment. This includes verifying the source of funds and ensuring that the transaction aligns with the client's declared activities.

      2. Periodic Review of Records: Regular reviews of client records, particularly for high-risk clients, are mandatory to ensure that all CDD-related documents, data, and information remain current and relevant. This ongoing review helps in maintaining the accuracy of the client’s risk profile.

    If Shipfinex is unable to complete an appropriate CDD, the company will not establish or maintain a business relationship or execute any transactions for that client. If third parties are relied upon to perform CDD, Shipfinex remains responsible for ensuring that the process complies with all relevant rules and directives.

    Shipfinex cannot engage with or retain clients that fall outside its risk appetite. This includes clients involved in criminal activities, those on sanctions lists, those transacting with sanctioned entities, and those engaged in high-risk or illegal activities. Clients who refuse to provide necessary data for identity verification or economic profile creation without valid justification are also deemed unacceptable.

    1. Shipfinex does not:

      1. Establish or maintain relationships with shell banks.

      2. Hold anonymous or false-name accounts.

      3. Engage with clients whose ownership or control structures prevent identification of beneficial owners.

      4. Prohibited clients include:

      5. Known criminals or those strongly suspected of financial crimes.

      6. Clients on UN, UAE, US, UK, and EU sanctions lists.

      7. Entities involved with sanctioned entities, Darknet transactions, or high-risk countries.

      8. Clients engaged in activities posing unacceptable reputational risks.

      9. Complex structures where beneficial ownership cannot be determined.

      10. Clients demanding anonymity or providing fictitious names.

      11. Entities linked to controversial or illegal activities like arms dealing, drug trafficking, or deforestation.


      The Identification and Verification (ID&V) process at Shipfinex is crucial for gathering and verifying client information to prevent money laundering (ML), terrorist financing (TF), and proliferation financing (PF). This process ensures that the client's identity is confirmed using reliable, independent sources, forming the basis for creating an accurate economic profile and enabling the early detection of suspicious transactions.

    2. ID&V Components

      For Individual Customers:

      ree

    3. For Legal Entities:


      ree

      If any entity claims to act on behalf of a client, Shipfinex ensures that the entity is authorised to do so and verifies its identity according to the established procedures. Shipfinex also seeks to fully understand the intended purpose and nature of the business relationship with the client, gathering necessary information to support this understanding. For business clients or those providing services to other clientele, Shipfinex thoroughly examines the client's business nature, ownership, and control structure, including identifying Ultimate Beneficial Owners (UBOs) and any Decentralised Autonomous Organizations (DAOs) involved, to ensure full compliance with Federal AML-CFT Laws.

    4. Enhanced Due DiligenceEnhanced Due Diligence (EDD) is a critical process applied by Shipfinex to manage the elevated risks associated with high-risk customers, transactions, and jurisdictions. This process involves more thorough investigation, verification, and ongoing monitoring, ensuring that potential financial crimes are effectively mitigated.

      1. Application of EDD:

        1. Politically Exposed Persons (PEPs): Individuals with significant public roles, their families, and close associates.

        2. Customers from High-Risk Jurisdictions: Clients from regions with a high risk of corruption or financial crime.

        3. Complex or Unusually Large Transactions: Transactions that are atypical or complex in nature.

        4. High-Risk Transactions: Any transaction deemed high-risk due to its nature, size, or the involved parties.

      2. EDD Procedures:

        1. Additional Information Collection: Shipfinex collects extensive information on the customer and their Ultimate Beneficial Owners (UBOs), ensuring a thorough understanding of the client’s background.

        2. Frequent and In-Depth Monitoring: High-risk clients and transactions are subject to more frequent and detailed monitoring to identify any suspicious activity.

        3. Additional Risk Mitigation Controls: Specific controls are implemented based on the client’s and transaction’s risk profile, further mitigating potential financial crimes.

        4. Verification of Source of Wealth and Funds: The client’s source of wealth and funds is rigorously verified through documentary evidence to confirm legitimacy.

        5. Address Verification: The client’s address is verified using reliable documentation to ensure accuracy.

        6. Internet Searches and Adverse Media Checks: Comprehensive internet searches and adverse media checks are conducted to validate the client’s activities and assess the business operations of the client and any controlling individuals.

        7. Enhanced Identity Verification: High-risk individuals are required to provide additional identification documents, such as a passport and a national identity card, along with proof of address.

        8. MLRO/CO Involvement: The Money Laundering Reporting Officer (MLRO) and Compliance Officer (CO) is directly involved in the EDD process, overseeing the onboarding of high-risk clients, approving high-risk transactions, and ensuring all EDD measures are implemented effectively. The MLRO ensures continuous monitoring and review, escalating any issues to senior management as necessary.

        9. Ongoing Risk Assessment: Continuous re-evaluation of the client’s risk profile and transactions is conducted to identify and address any emerging risks promptly.

    Shipfinex’s EDD process is designed to manage the elevated risks associated with high-risk clients, transactions, and jurisdictions. With direct involvement from the MLRO and CO, this process provides an additional layer of protection, ensuring robust compliance with AML/CFT regulations and safeguarding the integrity of Shipfinex’s operations.

  7. AML/CFT Business Risk Assessment

    Shipfinex's business model revolves around the trading of Marine Asset Tokens (MAT), which tokenizes ownership in maritime assets, providing a unique opportunity in the digital asset space. Due to the innovative nature of these transactions, Shipfinex has implemented a thorough AML/CFT Business Risk Assessment. This assessment is designed to identify, evaluate, and mitigate potential financial crime risks, ensuring all activities are compliant with stringent regulatory standards.

    1. Assessment Overview:

      1. Virtual Assets:

        1. Risk Focus: The use of Virtual Assets, particularly Anonymity-Enhanced Cryptocurrencies, carries significant risks due to their potential misuse in illicit activities and the inherent difficulty in tracing such transactions.

        2. Mitigation: Shipfinex has instituted a strict prohibition on the use of Anonymity-Enhanced Cryptocurrencies within its platform. This ensures that all transactions conducted through Shipfinex are transparent, traceable, and in compliance with regulatory requirements.

      2. Virtual Asset Related Products/Services:

        1. Risk Focus: Products and services that facilitate anonymity-enhanced transactions are at a higher risk of being exploited for money laundering or terrorist financing.

        2. Mitigation: Shipfinex not only applies stringent controls, including enhanced Customer Due Diligence (CDD) for clients using these services, but also strictly monitors and prohibits any such products or services that cannot be adequately controlled. Each project listed on Shipfinex's platform undergoes detailed CDD and Enhanced Due Diligence (EDD) before being approved, ensuring robust risk management.

      3. Business and Professional Practices:

        1. Risk Focus: The complex ecosystem of stakeholders involved in Shipfinex’s operations, including shipowners, investors, and third-party service providers, poses risks related to AML/CFT compliance.

        2. Mitigation: Shipfinex conducts continuous risk assessments and monitoring of all business partners. This is coupled with comprehensive KYC procedures, ensuring that all entities involved meet AML/CFT standards. Each MAT project is carefully vetted through detailed CDD/EDD processes before being listed on the platform.

      4. Technology Associated with VA Activities:

        1. Risk Focus: The evolving nature of virtual asset technologies, including VA Wallet addresses and transaction methods, introduces challenges in maintaining effective AML/CFT oversight.

        2. Mitigation: Shipfinex utilises advanced distributed ledger analytics and other investigative tools to monitor and screen transactions. The performance and capabilities of these tools are reviewed regularly, at least annually or as needed when new technologies or privacy features are introduced. All reviews are documented, and the results are made available to the Virtual Assets Regulatory Authority (VARA) upon request, ensuring full transparency and compliance.

    Shipfinex's AML/CFT Business Risk Assessment is meticulously tailored to address the specific risks inherent in its operations, particularly those related to the trading of Marine Asset Tokens (MAT). By prohibiting high-risk virtual assets, implementing rigorous controls, and ensuring that every project undergoes thorough due diligence before listing, Shipfinex ensures robust compliance with regulatory requirements. This comprehensive approach not only mitigates financial crime risks but also reinforces Shipfinex's commitment to maintaining the highest standards of integrity and trust in the virtual asset industry.

  8. Customer Risk Assessment Methodology

    Shipfinex’s Customer Risk Assessment (CRA) methodology is meticulously designed to identify, assess, and manage the risks associated with customers, particularly in the context of Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) compliance. This methodology ensures that Shipfinex effectively mitigates potential risks by categorising customers based on their risk profiles and implementing tailored due diligence, enhanced due diligence, ongoing monitoring, and screening measures, particularly for virtual asset-related risks.

    1. Risk Categorization:

      1. Low-Risk Customers:

        1. Definition: Customers who present minimal risk, typically based on factors such as stable geographic location, straightforward transaction history, and low-risk business nature.

        2. Due Diligence: Standard Customer Due Diligence (CDD) is applied, involving basic identity verification and background checks.

      2.  Medium-Risk Customers:

        1. Definition: Customers with a moderate risk level, often due to involvement in industries with a higher likelihood of money laundering or transactions that sometimes involve high-risk regions.

        2. Due Diligence: Enhanced CDD is conducted, with additional scrutiny on the customer’s business activities, financial transactions, and sources of funds.

      3. High-Risk Customers:

        1. Definition: Customers who pose a significant risk, typically those operating in high-risk jurisdictions, dealing with Anonymity-Enhanced Cryptocurrencies, or having complex corporate structures.

        2. Due Diligence: Enhanced Due Diligence (EDD) is required, which includes in-depth verification, frequent monitoring, and senior management approval. Continuous transaction monitoring and more frequent periodic reviews are mandatory for such customers.

    2. Assessment Criteria:

      1. Geographic Risk:

        1. Assessment: The customer’s country of residence or operation is assessed, focusing on regions with high levels of corruption, financial crime, or sanctions.

      2. Customer Type:

        1. Assessment: The type of customer (individual, corporate, financial institution) is identified, with particular attention given to Politically Exposed Persons (PEPs) and their associates.

      3. Nature of Business:

        1. Assessment: The customer’s business activities are evaluated, especially if they operate in sectors prone to money laundering or terrorist financing, such as gambling, arms trading, or high-value goods dealing.

      4. Transaction Patterns:

        1. Assessment: The customer’s transaction patterns are analysed, including frequency, volume, and any unusual or complex transactions that might indicate potential money laundering or terrorist financing activities.

      5. Source of Funds/Wealth:

        1. Verification: The legitimacy of the customer’s source of funds and wealth is verified, particularly in high-risk cases where the source may be obscure or involve significant cash transactions.

    3. Ongoing Monitoring and Review:

      1.  Continuous Monitoring:

        1. Monitoring: All customers are subject to ongoing monitoring to detect and report suspicious activities. Real-time transaction screening is conducted using advanced analytics tools, particularly for virtual asset-related risks.

      2. Periodic Review:

        1. Review: Customer risk profiles are reviewed periodically to ensure that the risk categorization remains accurate. High-risk customers undergo more frequent reviews, quarterly, depending on the level of risk.

      3. Trigger-Based Review:

        1. Re-Assessment: A re-assessment of the customer’s risk profile is triggered by significant changes in their behaviour, such as a sudden increase in transaction volume, engagement in new types of transactions, or associations with new jurisdictions.

      Decision-Making Process:

      1. Risk Assessment Outcome:

        1. Classification: Based on the assessment, customers are classified into low, medium, or high-risk categories, which dictate the level of due diligence and ongoing monitoring required.

      2. Senior Management Involvement:

        1. Approval: High-risk customers and any exceptions to standard procedures require approval from senior management, ensuring that all potential risks are thoroughly considered and managed.

      3. Documentation and Record Keeping:

        1. Records: Detailed records of all customer risk assessments, due diligence processes, and decision-making rationales are maintained securely. These records are readily available for regulatory audits and internal reviews.

    Shipfinex’s Customer Risk Assessment methodology is a critical component of its overall AML/CFT framework. By systematically assessing and categorising customers based on their risk profile and implementing rigorous ongoing monitoring, Shipfinex ensures that appropriate measures are in place to mitigate potential financial crime risks. This proactive approach not only protects the company but also enhances its reputation as a responsible player in the virtual asset industry, particularly in managing the risks associated with virtual assets.

  9. Screening Procedures

    Shipfinex implements stringent screening procedures to identify and manage risks associated with Politically Exposed Persons (PEPs), sanctions, and adverse media. These procedures are integral to maintaining compliance with AML/CFT regulations and protecting the platform from financial crimes.

    1. Screening for Politically Exposed Persons (PEPs)

      1. Objective: To identify and mitigate risks associated with clients who are PEPs or closely associated with PEPs, due to their potential exposure to corruption and financial crimes.

      2. Procedures:

        1. Identification:

          1. Shipfinex screens all clients and related parties against a comprehensive PEP list during onboarding and continuously throughout the business relationship.

          2. Relationships identified as involving PEPs are subject to Enhanced Due Diligence (EDD).

        2. Approval Process: Before establishing a business relationship with a PEP, approval from the Money Laundering Reporting Officer (MLRO) and senior management is required.

        3. Monitoring: PEPs are subject to ongoing monitoring, with periodic reviews to detect any changes in their risk profile or involvement in suspicious activities.

    2. Sanctions Screening

      1. Objective: To prevent engagement with clients or transactions linked to sanctioned entities, individuals, or jurisdictions, ensuring compliance with international and domestic sanctions regimes, including those specifically relevant to the UAE and virtual assets.

      2. Procedures:

        1. Initial Screening:

          1. Clients and related parties are screened against global sanctions lists, including those issued by:

            United Nations (UN)

            United Arab Emirates (UAE) Federal Sanctions List

            United States (OFAC) Specially Designated Nationals List

            United Kingdom (HM Treasury) Sanctions List

            European Union (EU) Sanctions List

            UAE Executive Office for Control & Non-Proliferation (EOCN) list

            Other applicable lists specific to Virtual Assets as per VARA guidelines

        2. Ongoing Screening:

          1. Continuous monitoring is performed to detect any changes in the sanctions status of clients or related parties. Positive matches or alerts are escalated to the MLRO for further investigation.

        3. Transaction Screening:

          1. Transactions are screened to ensure they do not involve sanctioned entities, individuals, or jurisdictions. Any flagged transactions undergo further review and require MLRO approval before processing.

    3. Adverse Media Screening

      1. Objective: To identify and assess risks associated with negative media coverage of clients or related parties, which could indicate involvement in financial crimes or other illegal activities.

        1. Initial Screening: During onboarding, Shipfinex conducts adverse media checks using reliable databases and news sources to identify any negative information associated with the client or their business operations.

        2. Ongoing Monitoring: Regular adverse media screenings are conducted to detect any new or emerging risks. This includes monitoring traditional media and online platforms for relevant news.

        3. Risk Assessment and Action: If adverse media is identified, the client’s risk profile is reassessed. Depending on the severity of the information, the case may be escalated to the MLRO, and additional due diligence measures may be implemented, or the business relationship may be terminated.

      Shipfinex’s comprehensive screening procedures for PEPs, sanctions, and adverse media are essential for effective risk management and compliance with global AML/CFT regulations. These procedures ensure that high-risk clients and transactions are identified early, enabling Shipfinex to take appropriate measures to safeguard the platform's integrity and reputation.

  10. Transaction Monitoring and Suspicious Transaction Reporting Procedures

    Transaction monitoring is integral to Shipfinex’s AML/CFT strategy, aimed at detecting suspicious activities early and ensuring regulatory compliance.

    1. Transaction Monitoring Procedures

      1. Continuous Monitoring:

        1. Objective: Monitor transactions and client activities in real-time to detect any unusual or suspicious behaviour.

        2. Methods: Utilise advanced analytics tools tailored to Shipfinex’s specific Virtual Asset (VA) activities and client risk profiles.

        3. No Tipping-Off: Ensure monitoring is discreet to prevent alerting clients to potential investigations.

        4. Indicator Updates: Regularly update risk indicators based on emerging threats and changing client behaviours and to identify possible Suspicious Transactions.

      2. Risk-Based Screening:

        1. Focus: Shipfinex screens transactions for specific risks, including:

          1. Large or complex transactions

          2. Transactions involving high-risk jurisdictions

          3. PEP-related transactions

          4. Anonymity-enhanced cryptocurrencies

          5. Rapid fund transfers across accounts or borders

          6. Transactions not aligned with the client’s usual activity profile

        2. FATF Recommendations: Shipfinex aligns its screening process with FATF guidelines, looking for red flags like structured transactions, use of intermediaries, and involvement with sanctioned entities.

      3. Internal Thresholds:

        1. Objective: Set specific internal thresholds for each risk category to trigger alerts during transaction monitoring.

        2. Thresholds:

          1. Thresholds for Low-Risk Transactions:

            Single transaction amount: ≥ $10,000 USD equivalent in virtual assets

            Daily cumulative transactions: ≥ $25,000 USD equivalent

            Weekly cumulative transactions: ≥ $50,000 USD equivalent

            Monthly cumulative transactions: ≥ $100,000 USD equivalent

            Unusual transaction patterns: 3x deviation from typical transaction volume or frequency

          2. Thresholds for Medium-Risk Transactions:

            Single transaction amount: ≥ $5,000 USD equivalent in virtual assets

            Daily cumulative transactions: ≥ $15,000 USD equivalent

            Weekly cumulative transactions: ≥ $30,000 USD equivalent

            Monthly cumulative transactions: ≥ $60,000 USD equivalent

            Unusual transaction patterns: 2x deviation from typical transaction volume or frequency

            Transactions involving medium-risk jurisdictions

          3. Thresholds for High-Risk Transactions:

            Single transaction amount: ≥ $1,000 USD equivalent in virtual assets

            Daily cumulative transactions: ≥ $5,000 USD equivalent

            Weekly cumulative transactions: ≥ $10,000 USD equivalent

            Monthly cumulative transactions: ≥ $20,000 USD equivalent

            Any unusual transaction patterns

            Transactions involving high-risk jurisdictions or PEPs

            Rapid transfers across multiple accounts or borders

        3. Review and Adjustment: These thresholds should be regularly reviewed and adjusted based on evolving risk factors and regulatory changes.

      4. Documentation and Approval:

        1. Objective: Ensure that all transaction monitoring methods and indicators, including thresholds, are documented, approved by Senior Management, and periodically reviewed for effectiveness.

      5. High-Risk Transactions:

        1. Enhanced Monitoring: Apply Enhanced Due Diligence (EDD) measures and increased scrutiny to high-risk transactions to mitigate financial crime risks.

    2. Suspicious Transaction Reporting (STR)

      Shipfinex employs robust methods tailored to its specific Virtual Asset (VA) activities and business relationships to continuously monitor and identify any suspicious transactions. These methods are carefully designed to ensure that no “tipping-off” or similar offence occurs, maintaining the confidentiality and integrity of the investigation process. All identified suspicious transactions must be promptly reported to the Money Laundering Reporting Officer (MLRO), ensuring compliance with regulatory requirements. Furthermore, these methods are documented, approved by Senior Management, and regularly reviewed and updated to maintain their effectiveness.

    3. Identification of Suspicious Transactions:

      1. Criteria: Transactions are flagged as suspicious based on predefined indicators such as unusual transaction patterns, involvement with high-risk jurisdictions, or links to PEPs.

    4. Immediate Reporting to MLRO:

      1. Process: Any employee detecting a suspicious transaction must report it immediately to the Money Laundering Reporting Officer (MLRO).

      2. MLRO Responsibilities:

        1. Reporting: The MLRO reports suspicious transactions to the UAE Financial Intelligence Unit (FIU) and Virtual Assets Regulatory Authority (VARA) via the GoAML platform or any other means approved by the UAE FIU and/or VARA.

        2. Timely Response and actions: The MLRO must respond promptly to any additional information requests from the UAE FIU and/or VARA, ensuring that these requests are addressed within forty-eight (48) hours. Additionally, the MLRO must undertake any further actions as required by the UAE FIU and/or VARA within the specified timeframes mentioned in such requests.

        3. Coordination: If the MLRO is not the same individual as the Compliance Officer (CO), the MLRO must immediately report to the CO that a Suspicious Transaction Report (STR) has been made, provided that this does not constitute "tipping-off" or a similar offence under applicable laws or regulations.

    5. Documentation and Compliance:

      1. Record Keeping: Maintain thorough documentation of all STRs and related communications, ensuring records are secure and available for audits or inspections.

      2. Regular Review: The MLRO must regularly review the effectiveness of the STR process to ensure compliance with AML/CFT regulations.

    Shipfinex’s transaction monitoring and suspicious transaction reporting procedures provide a robust defence against financial crime. By screening for specific risks, aligning with FATF recommendations, and ensuring timely reporting, Shipfinex upholds high compliance standards and safeguards the integrity of its platform.

  11. Technology and Information Oversight for AML/CFT

    1. Given the sophisticated nature of the services provided by Shipfinex and the complexity of the assets transacted, the company leverages a range of advanced tools and technologies to ensure robust AML/CFT compliance. These tools are vital in identifying, mitigating, and preventing financial crimes within the rapidly evolving virtual assets landscape.

    2. Onboarding and Transaction Monitoring: Shipfinex utilises a variety of tools, including distributed ledger analytics and other investigative capabilities, to monitor and screen transactions effectively. These tools are designed to detect potential financial crimes by analysing transactions and client behaviour. During ongoing monitoring, Shipfinex ensures alignment with the FATF Report Virtual Assets Red Flags Indicators of Money Laundering and Terrorist Financing (September 2020). The monitoring system is designed with specific scenarios and thresholds to closely monitor clients' interactions with their virtual asset (VA) activities.

    3. Performance Review and Assurance: To maintain the highest standards of oversight, Shipfinex conducts at least annual reviews of the performance and capabilities of its technical solutions providers. These reviews are also performed on an ad hoc basis, particularly when new privacy features are introduced in the native blockchain of specific virtual assets. Additionally, Shipfinex seeks assurances from service providers to ensure that their surveillance capabilities remain comprehensive, especially concerning the virtual assets available on Shipfinex's platform.

    4. Ongoing Monitoring and Documentation: Shipfinex diligently reviews and documents the performance and functionality of its distributed ledger analytics tools, which are critical for ongoing monitoring. These documented reviews not only support internal oversight but are also available for review by the Virtual Assets Regulatory Authority (VARA) upon request, ensuring full regulatory transparency.

    5. Responsibilities: The IT and compliance teams are tasked with overseeing the effectiveness of these AML/CFT systems. They are also responsible for ensuring the protection of customer data and maintaining robust business continuity plans to safeguard against disruptions in AML/CFT operations.

      This comprehensive approach to technology and information oversight underscores Shipfinex's commitment to maintaining a secure and compliant environment in the virtual asset sector, ensuring that all AML/CFT requirements are rigorously met.

    Details regarding the third-party service providers utilised for all types of screenings, monitoring, and transaction monitoring are provided separately. These service providers are carefully vetted to ensure they meet stringent compliance standards and are effective in detecting and managing risks related to PEPs, sanctions, adverse media, and suspicious transactions.

  12. Anonymity Enhanced Tokens

    Shipfinex strictly prohibits the facilitation of anonymity-enhanced transactions. This includes any transactions involving technologies or tools designed to obscure the origin, destination, or ownership of Virtual Assets. Prohibited activities include

    1. Transactions involving privacy coins, such as Monero or other similar Virtual Assets.

    2. The use of mixers, tumblers, or similar mechanisms to anonymize transactions.


    Shipfinex has implemented robust transaction monitoring systems capable of identifying and blocking any attempted anonymity-enhanced transactions. Any flagged activities will be reviewed by the compliance team and rejected. Staff and board members will be trained on identifying and escalating potential anonymity-enhanced activities, ensuring that all transactions align with regulatory and internal compliance requirements. Regular reviews and audits will be conducted to ensure adherence to these prohibitions, and any breaches will be addressed through appropriate corrective actions and reporting procedures.

  13. FATF Travel Rule

    1. Shipfinex acknowledges its commitment to ensuring compliance with the FATF Travel Rule by diligently collecting and transmitting the required information with wire transfers and other qualifying transactions. This demonstrates Shipfinex’s dedication to upholding international regulatory standards and preventing financial crimes.

      The steps for compliance with the FATF Travel Rule include:

      1. Information Collection and Verification:

        1. Originator Information: Collect and verify the originator's name, account number or VA wallet address, and residential or business address for transfers exceeding AED 3,500.

        2. Beneficiary Information: Collect and verify the beneficiary's name and account number or VA wallet address for transfers exceeding AED 3,500.

        3. Use reliable and independent sources for verification.

      2. Use of External Service Provider:

        1. Engage a reputable external service provider to screen wallets and entities involved in virtual asset transfers.

        2. Ensure the service provider has robust capabilities to identify high-risk wallets and entities, including those on global sanctions lists, PEP lists, and adverse media sources.

      3. Risk-Based Due Diligence:

        1. Conduct risk-based due diligence on counterparties and classify them based on their AML/CFT risk profiles.

        2. Perform enhanced due diligence for high-risk counterparties and transactions.

      4. Handling High-Risk Transactions:

        1. Identify and flag high-risk transactions, including those involving unhosted VA wallets and anonymity-enhanced transactions.

        2. Implement specific procedures for managing high-risk transactions, including additional verification steps and senior management approval.

      5. Reporting and Record-Keeping:

        1. Maintain detailed records of originator and beneficiary information for a minimum of five years.

        2. Ensure timely and accurate reporting of information to VARA and other appropriate authorities upon request.

      Shipfinex complies with the FATF Travel Rule by carefully considering the risks associated with deposits, withdrawals, transactions involving non-obliged entities, and anonymity-enhanced activities. While Shipfinex is dedicated to implementing the Travel Rule whenever feasible, it acknowledges that some jurisdictions may not mandate this rule (the “sunrise issue”). In such instances, Shipfinex endeavours to obtain the necessary information following best practices and regulatory guidelines. The detailed assessment, implementation plan, and information about the technical solution provider are outlined separately in the Travel Rule Implementation Plan.

      Shipfinex will adhere to the FATF Travel Rule by ensuring that all applicable laws, regulations, and guidelines related to Virtual Asset transactions are implemented and followed. This includes monitoring for any transaction or series of transactions designed to circumvent regulatory thresholds intended to bypass the Travel Rule requirements.

      To meet this obligation, Shipfinex will:

      1. Maintain robust transaction monitoring systems to identify and flag any patterns or activities that suggest an attempt to structure transactions to avoid compliance with Travel Rule requirements.

      2. Conduct enhanced reviews for transactions near regulatory thresholds and escalate any suspicious activities for further investigation.

      3. Implement training programs for compliance staff to ensure they can recognize and respond to such behavior effectively.

      4. Regularly update policies and procedures to align with evolving FATF recommendations and applicable local or international laws.

      By establishing these controls, Shipfinex ensures its ability to prevent, detect, and mitigate any attempts to bypass Travel Rule requirements.

    2. Reporting on Compliance with the Travel Rule

      Shipfinex will maintain comprehensive records and mechanisms to report on its compliance with the Travel Rule and the effectiveness of its policies and controls as required by the relevant regulatory authorities. To facilitate compliance reporting:

      1. Shipfinex will document all measures taken to implement the Travel Rule, including systems, processes, and controls used to monitor, detect, and report relevant information.

      2. Internal audits will be conducted periodically to assess the effectiveness of Travel Rule compliance measures, with findings recorded and made available for regulatory review.

      3. Detailed compliance reports will be generated upon request, covering key areas such as:

        1. The volume of transactions subject to the Travel Rule.

        2. The number of transactions flagged or rejected due to non-compliance.

        3. Any updates to the policies and controls implemented to enhance compliance with the Travel Rule.

      Shipfinex will ensure that all reporting requirements can be met promptly and will maintain open communication with regulatory authorities to address any compliance-related inquiries.

  14. Reporting, Escalation, and Ongoing Monitoring To ensure robust compliance with AML/CFT policies, Shipfinex has implemented a comprehensive monitoring framework. This framework includes a compliance monitoring plan that details the scope, frequency, and methods of monitoring, utilising both automated systems and manual reviews. Regular internal audits assess the effectiveness of the AML/CFT program, with findings documented and action plans developed to address any deficiencies. Compliance activities and findings are reported to relevant regulatory authorities, with meticulous record-keeping.

    1. For reporting and escalation, Shipfinex has established clear channels to manage AML/CFT-related issues. These methods may include:

      1. Internal Reporting: Use designated email addresses  [email : [email protected]] for reporting AML/CFT concerns.

      2. Escalation: Serious issues should be escalated through defined channels, such as direct reporting to the MLRO, Compliance Officer, or senior management on these emails. [email : [email protected] and email [email protected] ].

      3. External Reporting: Issues are escalated to external authorities, such as the UAE Financial Intelligence Unit (FIU) or the Virtual Assets Regulatory Authority (VARA), as required.

    2. Issue Resolution:

      1. Investigation and Resolution Process: Develop a clear process for investigating and resolving reported AML/CFT issues. This process should involve thorough investigation, documentation of findings, and resolution outcomes for each reported issue.

      2. Documentation: Ensure that the resolution process and outcomes are fully documented and stored securely for future reference and audits.

      3. Corrective Actions: Implement corrective actions to address the root cause of identified issues, preventing recurrence, and continuously improving the AML/CFT framework.

  15. Record-Keeping and Disclosure Requirements Record-keeping is a vital component of Shipfinex’s AML/CFT compliance framework, ensuring that all necessary documents and data are securely maintained and readily accessible for regulatory inspection. This section outlines the procedures for record maintenance, retention, and documentation standards, which are crucial for demonstrating compliance with legal and regulatory obligations.

    1. Record Maintenance:

      1. Keep records of customer identification documents, transaction details, risk assessments, and SARs.

      2. Ensure records are stored securely to prevent unauthorised access and ensure data integrity.

      3. Transaction details, including date, time, value, and type of Virtual Asset involved.

      4. Originator and beneficiary information gathered through KYC/AML processes.

      5. Supporting documentation, including customer communications and compliance monitoring logs.

      6. Internal reviews, approvals, and escalations related to transaction monitoring

    2. Retention Period:

      1. Retain records for a minimum of eight (8) years from the date of the transaction or the end of the business relationship, whichever is longer.

      2. Ensure records are readily accessible for inspection by regulatory authorities.

    3. Documentation Standards:

      1. Maintain clear and organised records to facilitate easy retrieval and review.

      2. Use standardised forms and templates for record-keeping to ensure consistency.

    For detailed information on record-keeping practices, refer to the Record Management and Retention Policy.

    Shipfinex is committed to ensuring transparency and compliance with regulatory disclosure requirements regarding its AML/CFT policies and procedures. This includes informing clients about the AML/CFT measures in place and their role in compliance, as well as how their data will be used and protected. The AML/CFT policy is published on Shipfinex’s website for public access and is regularly updated to reflect regulatory changes and best practices. Additionally, Shipfinex ensures timely and accurate reporting of AML/CFT activities to VARA, maintaining a record of all disclosures made to the authority.

    Shipfinex will ensure that any changes are communicated to the relevant authorities promptly. Shipfinex will ensure the complete set of AML-CFT policies and procedures, including measures for identifying and mitigating risks, transaction monitoring processes, and reporting mechanisms are detailed and provided. Furthermore, any subsequent updates to these policies, which will be reviewed, approved, and submitted no later than twenty-one (21) calendar days after the changes are implemented.

    Shipfinex will maintain a centralized record of all submitted policies and procedures, including approval documentation and submission confirmations. The Compliance Officer will oversee this process to ensure accuracy and timely submissions.

  16. Training Requirements Shipfinex is committed to ensuring that all personnel, from new hires to senior management, are thoroughly trained to recognize and combat financial crimes. The organisation’s comprehensive AML/CFT training program equips employees with the knowledge and skills necessary to maintain compliance and protect against money laundering, terrorist financing, and other financial crimes.

    1. Training Program: Training is mandatory for all employees, including Directors, and must be completed within 30 calendar days of joining Shipfinex, followed by annual refreshers. The training program, designed and updated by the MLRO, is tailored to Shipfinex’s operations, addressing the specific risks associated with the company's services and clients.

    2. Enhanced Training Content: The training program covers a wide range of topics essential for effective financial crime prevention:

      1. Applicable Laws and Regulations: Detailed instruction on UAE laws, VARA Rules, and directives related to financial crime.

      2. Understanding Financial Crimes: Comprehensive coverage of various types of financial crimes, including money laundering, terrorist financing, and anti-bribery and corruption practices.

      3. Identification and Reporting: In-depth guidance on recognizing suspicious activities, understanding the types of transactions that may raise red flags, and knowing the proper procedures for reporting these to the MLRO.

      4. Avoiding Tipping-Off: Training on how to handle sensitive information to ensure that potential suspects are not alerted during investigations.

      5. Prevailing Techniques and Trends: Regular updates on the latest trends and methods in financial crime to ensure that all staff are aware of emerging risks.

      6. Roles and Responsibilities: Clear definition of the roles and responsibilities of all employees, including the MLRO and Deputy MLRO, in combating financial crime.

      7. System Controls and Compliance: Training on Shipfinex’s internal systems, control measures, and any recent changes, ensuring that all employees are equipped to use these tools effectively.

      8. Client Due Diligence: Detailed procedures for client identification, ongoing due diligence, and transaction scrutiny to ensure compliance with AML/CFT standards.

    3. Ongoing and Role-Specific Training: Training sessions are conducted regularly to keep employees up-to-date with changes in regulations, industry best practices, and the organisation’s internal procedures. Role-specific training ensures that employees in high-risk positions receive more intensive and targeted education, enabling them to manage and mitigate the specific risks they encounter.

    4. Training Records: All training sessions are meticulously documented, including attendance and assessment results. These records are reviewed annually to ensure the training program remains effective, relevant, and aligned with the organisation’s evolving AML/CFT strategies.

    By implementing this comprehensive and dynamic training program, Shipfinex ensures that all personnel are well-prepared to prevent financial crime and maintain the highest standards of regulatory compliance.

  17. Periodic Reviews and Audits To maintain the integrity and effectiveness of Shipfinex's AML/CFT program, regular reviews and audits are essential. These processes ensure that the program remains current, aligns with regulatory changes, and addresses emerging risks effectively.

    1. Annual Reviews:

      1. The MLRO conducts an annual review of the AML/CFT policy to ensure it reflects the latest regulations, emerging risks, and industry best practices.

      2. Necessary updates are made to maintain the policy’s relevance and effectiveness.

    2. Ongoing Reviews:

      1. Continuous reviews are conducted to align the AML/CFT program with any changes in regulations, international standards, and emerging financial crime threats.

      2. The program is updated regularly to ensure compliance with evolving requirements.

    3. Internal Audits:

      1. Regular internal audits are performed to assess the AML/CFT program's overall effectiveness, focusing on transaction monitoring, customer due diligence, and reporting procedures.

    4. External Audits:

      1. Independent external auditors are engaged to provide an unbiased assessment of the AML/CFT program, identifying areas for improvement.

      2. Findings from these audits are used to make necessary enhancements to the program.

    5. Continuous Improvement:

      1. An action plan is developed to address any deficiencies identified during reviews and audits.

      2. Corrective actions are promptly implemented, and their effectiveness is closely monitored to ensure continuous improvement of the AML/CFT framework.

    This structured approach ensures that Shipfinex's AML/CFT program remains robust, compliant, and responsive to the evolving financial crime landscape.

  18. Appendix 1: Templates and Forms

    Customer Due Diligence (CDD) Form

    ree


    Enhanced Due Diligence (EDD) Form

    ree

    Suspicious Transaction Report (STR) Form

    ree

    Transaction Monitoring Alert Review Form

    ree


  19. Appendix 2: Examples of Potential Scenarios

    1. Scenario 1: Suspicious Transaction Detected

      1. Steps for Resolution:

        1. Transaction flagged by the monitoring system due to unusual activity.

        2. Compliance team reviews the transaction and conducts an initial investigation.

        3. If suspicion is confirmed, the MLRO is notified, and a detailed investigation is conducted.

        4. MLRO decides whether to file a Suspicious Transaction Report (STR) with the relevant authorities.

        5. STR is filed, and the transaction is documented in the compliance records.

        6. Continuous monitoring of the customer’s account for further suspicious activity.

    2. Scenario 2: Customer Identified as PEP

      1. Steps for Resolution:

        1. Customer screened and identified as a Politically Exposed Person (PEP).

        2. Enhanced Due Diligence (EDD) is conducted, including verification of source of funds and wealth.

        3. Senior management approval obtained before establishing or continuing the business relationship.

        4. Implement additional monitoring measures for the customer’s transactions.

        5. Document all findings and decisions related to the PEP.

    3. Scenario 3: Breach of AML/CFT Policy

      1. Steps for Resolution:

        1. Employee reports a potential breach of the AML/CFT policy.

        2. MLRO conducts an investigation to determine the nature and extent of the breach. 

        3. Findings are documented, and a report is prepared for senior management and the board. 

        4. Corrective actions are implemented to address the breach and prevent recurrence. 

        5. Training sessions are conducted to reinforce AML/CFT procedures and raise awareness among staff. 

        6. Monitor the effectiveness of the corrective actions and make adjustments as necessary.

    4. Scenario 4: High-Risk Jurisdiction Transaction

      1. Steps for Resolution:

        1. Transactions involving a customer from a high-risk jurisdiction are flagged by the monitoring system.

        2. Conduct Enhanced Due Diligence (EDD) to verify the legitimacy of the transaction.

        3. Obtain additional information on the source of funds and the purpose of the transaction.

        4. Senior management approval is required before processing the transaction.

        5. Document all steps taken during the investigation and the rationale for the decision.

        6. Continue to monitor transactions involving high-risk jurisdictions closely.

    5. Scenario 5: Data Breach Affecting AML/CFT Records

      1. Steps for Resolution:

        1. Immediately report the data breach to the MLRO and IT department.

        2. Conduct an investigation to determine the extent of the breach and affected records.

        3. Notify regulatory authorities and affected customers if required by law.

        4. Implement measures to contain the breach and prevent further unauthorised access.

        5. Review and strengthen data security protocols to mitigate future risks.

        6. Document the incident and actions taken to resolve it.

    6. Scenario 6: Unusual Customer Behaviour

      1. Steps for Resolution:

        1. Front-line staff notice unusual behaviour or transactions from a customer.

        2. Report the observations to the MLRO for further investigation.

        3. The MLRO conducts a review of the customer’s account and transaction history.

        4. Determine if the behaviour is consistent with money laundering or terrorist financing indicators.

        5. If suspicious, file a Suspicious Transaction Report (STR) with the relevant authorities.

        6. Continue to monitor the customer’s activities and document all findings.

    7. Scenario 7: Incomplete Customer Information

      1. Steps for Resolution:

        1. During the customer onboarding process, incomplete or inconsistent information is identified.

        2. Contact the customer to request the missing information or clarification.

        3. Verify the additional information provided using reliable, independent sources.

        4. If the customer fails to provide the required information, consider the risk and decide on the relationship.

        5. Document the steps taken to obtain the information and the final decision.

        6. Ensure ongoing monitoring to detect any further issues with customer information.


bottom of page