AML Policy

AML Policy

1. Introduction

1.1 Purpose

This comprehensive Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy outlines Swifttransact’s commitment to preventing, detecting, and reporting money laundering, terrorist financing, and other financial crimes in accordance with the Dubai Multi Commodities Centre (DMCC) and UAE regulations.

1.2 Legal Framework

This policy is designed to ensure compliance with:

1. • Federal Decree-Law No. 20/2018 on Anti-Money Laundering and Countering the Financing of Terrorism.

1. • Cabinet Decision No. 10/2019 (AML By-laws).

1. • DMCC Rules for Risk Based Due Diligence in the Gold and Precious Metals Supply Chain (DMCC Rules for RBD-GPM).

1. • Federal Law No. 7 of 2014 on Combating Terrorism Offences.

1. • UAE Central Bank Regulations and Guidelines.

1. • Relevant DMCC regulations and guidelines.

1. • FATF Recommendations and guidance.

1.3 Policy Statement

Swifttransact DMCC is committed to maintaining the highest standards of AML/CTF compliance and will not knowingly engage in or facilitate any transaction that appears to involve money laundering, terrorist financing, or other financial crimes.

2. Scope

2.1 Application

This policy applies to all employees, officers, directors, contractors, and third-party service providers of Swifttransact DMCC, operating within the DMCC free zone.

2.2 Services Covered

This policy covers all payment services offered by Swifttransact DMCC, including but not limited to:

1. • Money transfers

1. • Payment processing

1. • Digital wallet services

1. • Currency exchange services

1. • Any other financial services provided within the DMCC jurisdiction

3. AML Compliance Structure

3.1 Board of Directors

The Board of Directors is ultimately responsible for overseeing the AML/CTF program and fostering a culture of compliance within the organization.

3.2 AML Compliance Officer

Swifttransact DMCC has designated AML Compliance Officer. Their responsibilities include:

1. • Developing and implementing AML/CTF policies and procedures

1. • Overseeing the day-to-day operations of the AML/CTF program

1. • Reporting to the Board of Directors on AML/CTF matters

1. • Serving as the primary point of contact for regulatory authorities, including DMCC and UAE Central Bank

1. • Ensuring compliance with DMCC-specific regulations and guidelines

3.3 AML Compliance Team

An AML Compliance Team will support the AML Compliance Officer in implementing and maintaining the AML/CTF program.

4. Risk Assessment

4.1 Enterprise-Wide Risk Assessment (EWRA)

Swifttransact DMCC will conduct a comprehensive EWRA annually, or more frequently if significant changes occur in the business or regulatory environment, to identify and assess money laundering and terrorist financing risks specific to our operations within DMCC.

4.2 Risk Factors

The risk assessment will consider factors including:

1. • Customer types and jurisdictions

1. • Products and services offered

1. • Transaction types and volumes

1. • Delivery channels

1. • Geographical risk, with specific attention to UAE and DMCC-related risks

4.3 Risk Mitigation

Based on the risk assessment results, Swifttransact DMCC will implement appropriate controls and allocate resources to mitigate identified risks, in line with DMCC and UAE regulatory requirements.

5. Customer Due Diligence

5.1 Know Your Customer (KYC) Procedures

5.1.1 Minimum Information Required

For individual customers:

1. 1. • Full name (as per passport or Emirates ID)

1. 1. • Date of birth

1. 1. • Nationality

1. 1. • Residential address

1. 1. • Identification number (e.g., passport, Emirates ID)

1. 1. • Contact information

For business customers:

1. 1. • Legal business name

1. 1. • Principal place of business

1. 1. • Tax Registration Number (TRN) or equivalent

1. 1. • Ownership and control structure

1. 1. • DMCC license number (if applicable)

5.1.2 Verification Methods

1. 1. • Original or certified copy of passport or Emirates ID

1. 1. • Proof of address (e.g., utility bill, tenancy contract)

1. 1. • Business registration documents, including DMCC-specific documentation

1. 1. • On-site visits for high-risk customers

1. 1. • Use of UAE-approved electronic verification methods

5.2 Customer Risk Profiling

Customers will be categorized into risk levels (e.g., low, medium, high) based on factors such as:

1. • Nature of business

1. • Transaction patterns

1. • Geographical location

1. • PEP status

1. • Adverse media mentions

1. • Specific DMCC and UAE risk factors

5.3 Enhanced Due Diligence (EDD)

1. • EDD will be conducted for high-risk customers, including:

1. • Additional verification of source of funds and wealth

1. • Senior management approval for onboarding

1. • More frequent review of the business relationship

1. • Obtaining additional information on the intended nature of the business relationship

5.4 Ongoing Due Diligence

1. • Regular updates of customer information

1. • Periodic reviews of high-risk customers

1. • Transaction pattern analysis

1. • Annual review of all customer relationships

5.5 Ultimate Beneficial Owner (UBO) Information

1. • Collect and verify UBO information for all legal entities

1. • Identify and verify UBOs with 25% or more ownership or control

1. • Maintain an up-to-date UBO register

6. Transaction Monitoring

6.1 Automated Monitoring System

Implement a robust automated transaction monitoring system capable of:

1. • Real-time and batch screening against sanctions lists

1. • Detecting unusual patterns or behaviors

1. • Generating alerts for predefined scenarios

1. • Adapting to DMCC-specific risks and typologies

6.2 Alert Investigation

1. • Establish a dedicated team for investigating system-generated alerts

1. • Develop clear procedures for alert escalation and resolution

1. • Ensure timely investigation and reporting of suspicious activities

6.3 Thresholds and Scenarios

Implement and regularly review monitoring scenarios, including:

1. • Large cash transactions (as per UAE Central Bank thresholds)

1. • Structuring attempts

1. • Unusual cross-border activities

1. • Transactions with high-risk jurisdictions

1. • DMCC-specific red flags (e.g., related to precious metals trading)

7. Suspicious Activity Reporting

7.1 Internal Reporting

1. • Establish clear channels for employees to report suspicious activities

1. • Implement a confidential reporting mechanism

1. • Ensure protection for whistleblowers

7.2 Investigation Process

1. • Develop a standardized process for investigating potential suspicious activities

1. • Maintain detailed documentation of all investigations

7.3 Suspicious Transaction Report (STR) Filing

1. • File STRs with the UAE Financial Intelligence Unit (FIU) through the goAML system within 15 days of suspicion

1. • Ensure the confidentiality of STR filings

1. • Maintain a log of all filed STRs

7.4 Tipping Off

Strictly prohibit informing customers or any unauthorized persons about STR filings or ongoing investigations.

8. Record Keeping

8.1 Retention Period

Maintain all AML/CTF-related records for a minimum of five years from the date of transaction or termination of the business relationship, or longer if required by DMCC or UAE regulations.

8.2 Types of Records

Retain records including:

1. • Customer identification documents

1. • Transaction records

1. • Investigation files

1. • Training records

1. • Audit reports

1. • Risk assessments

1. • Board and management reports

8.3 Accessibility

Ensure all records are easily retrievable and available for internal audits, DMCC inspections, and other regulatory examinations.

9. Training

9.1 New Employee Training

Provide comprehensive AML/CTF training to all new employees as part of the onboarding process.

9.2 Annual Training

Conduct annual AML/CTF training for all employees, covering

1. • Current AML/CTF laws and regulations, including DMCC-specific requirements

1. • Company AML/CTF policies and procedures

1. • Red flags for suspicious activities

1. • Reporting requirements

1. • Case studies relevant to DMCC and UAE context

9.3 Specialized Training

1. • Provide additional, role-specific training for:

1. • Front-line staff

1. • Compliance team members

1. • Senior management

1. • Board of Directors

9.4 Training Records

Maintain detailed records of all AML/CTF training sessions, including attendance and assessment results.

10. Independent Audit

10.1 Annual Audit

Engage an independent, qualified third party to conduct an annual audit of the AML/CTF program.

10.2 Audit Scope

The audit should assess:

1. • Adequacy of AML/CTF policies and procedures

1. • Effectiveness of risk assessment processes

1. • Compliance with CDD requirements

1. • Effectiveness of transaction monitoring and reporting

1. • Quality of staff training

1. • Compliance with DMCC-specific regulations

10.3 Audit Reports

1. • Present audit findings to the Board of Directors

1. • Develop and implement action plans to address any identified deficiencies

1. • Share audit reports with DMCC authorities upon request

11. Technology and Tools

11.1 AML/CTF Software

1. • Utilize industry-leading AML/CTF software for:

1. • Customer screening against sanctions and PEP lists

1. • Transaction monitoring and alert generation

1. • Case management for investigations

1. • Regulatory reporting (e.g., integration with goAML)

11.2 Data Quality

Implement processes to ensure the accuracy and completeness of data used in AML/CTF processes.

11.3 System Testing

Regularly test and validate all AML/CTF-related systems to ensure their effectiveness.

12. Sanctions Compliance

12.1 Screening Process

1. • Screen customers and transactions against relevant sanctions lists, including UAE, UN, OFAC, and EU lists

1. • Implement real-time screening for all transactions

12.2 List Management

Regularly update sanctions lists in screening systems.

12.3 Blocked Transactions

Establish clear procedures for handling transactions that trigger sanctions alerts, including immediate freezing of funds and reporting to relevant authorities.

13. Compliance with DMCC Rules

13.1 DMCC Rules for RBD-GPM

Adhere to the DMCC Rules for Risk Based Due Diligence in the Gold and Precious Metals Supply Chain, if applicable to our business activities.

13.2 Accreditation Standards

Comply with relevant DMCC accreditation standards, such as the Dubai Good Delivery standard (DGD) or Market Deliverable Brand standard (MDB), if applicable.

13.3 DMCC Reporting Requirements

Fulfill all reporting obligations to DMCC, including:

1. • Annual AML/CTF compliance reports

1. • Immediate reporting of significant AML/CTF incidents

1. • Cooperation with DMCC inspections and audits

14. Regulatory

14.1 Regulatory Examinations

Cooperate fully with regulatory examinations from DMCC, UAE Central Bank, and other relevant authorities, providing timely access to requested information.

14.2 Information Requests

Respond promptly and comprehensively to information requests from law enforcement or regulatory bodies.

15. Policy Review and Update

15.1 Annual Review

Conduct an annual review of this AML/CTF policy to ensure its continued effectiveness and compliance with current DMCC and UAE regulations.

15.2 Ad-hoc Updates

Update the policy as necessary in response to significant changes in regulations, business operations, or risk profile.

16. Non-Compliance

16.1 Disciplinary Action

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or service agreement.

16.2 Reporting Violations

Establish a mechanism for confidential reporting of policy violations.

17. Approval and Implementation

This comprehensive AML/CTF Policy is approved by the Board of Directors and is effective immediately. All employees and relevant third parties are required to familiarize themselves with this policy and adhere to its provisions.

Date: April 11, 2025

Last Review Date: April 11, 2025

Next Review Date: April 11, 2026