Compliance

We from Entre Biz have its own compliance department and we take it seriously to ensure that we follow all the rules and regulations that we must adhere to.

---

INTRODUCTION

This policy (the “Policy”) relates to compliance with Singapore’s Anti-Money Laundering (“AML”) and Countering the Financing of Terrorism (“CFT”) in the efforts by Entre Biz Pte Ltd. (the “Company”). This Policy’s goals are to ensure that Entre Biz complies with Singapore’s AML/CFT regulations and provide guidelines to employees on how they should handle clients pursuant to AML/CFT regulations as stated in the Payment Services Act 2019 of Monetary Authority of Singapore (MAS).

Description of Company:

Entre Biz Pte Ltd (the “Company”) is a digital payment platform that would deliver seamless cross-border payment solutions to help e-businesses accept online payments anywhere in the world through different payment methods and currencies. This allows businesses to reach more customers in selected markets.

The Company now wishes to apply for a standard payment institution license to expand its service offerings to include the provision of escrow and payment services, including domestic and cross-border payments to vendors and suppliers on behalf of clients.

Background to Policy:

The Monetary Authority of Singapore regulates and supervises financial institutions in the banking, capital markets, insurance and payments sectors which are registered in Singapore. MAS establishes rules for financial institutions which are implemented through legislation, regulations, directions and notices. Guidelines have also been formulated to encourage best practices among financial institutions. And the Monetary Authority of Singapore’s (“MAS”) Singapore’s National Policy Statement on AML/CFT is as follows:

Singapore adopts a whole-of-government approach to combating money laundering (“ML”) and terrorism financing (“TF”). This is led by the Anti-Money laundering and Countering the Financing of Terrorism (AML/CFT) Steering Committee. Singapore’s AML/CFT policy objectives are to:

i) detect, deter and prevent ML and TF; and ii)protect the integrity of its financial system from illegal activities and illicit fund flows.

The AML/CFT efforts are centered on having a sound and comprehensive legal, institutional, policy and supervisory framework; low crime rate; intolerance for corruption; an efficient judiciary; close international cooperation with other jurisdictions; an established culture of compliance; effective monitoring of the measures implemented; and decisive law enforcement actions against ML/TF threats.

Policy as part of the Company’s comprehensive and holistic AML/CFT efforts:

Financial institutions operating in Singapore are required to put in place robust controls to detect and deter the flow of illicit funds through Singapore’s financial system.

Such controls include the need for financial institutions to identify and know their customers (including beneficial owners), to conduct regular account reviews, and to monitor and report any suspicious transaction.

The AML/CFT requirements for banks can be found in this notice, which include the following:

• Risk assessment and risk mitigation.
• Customer due diligence.
• Reliance on third parties.
• Correspondent banking and wire transfers.
• Record keeping.
• Suspicious transaction reporting.
• Internal policies, compliance, audit and training.

This Policy focuses on operational guidance for employees in relation to AML/CFT concerns. However, the Company’s AML/CFT efforts extend beyond the confines of this Policy. There are 5 pillars to the Company’s AML/CFT efforts:

• Development, issuance and enforcement of this Policy
• Designation of a Chief Compliance Officer (set out in this Policy)
• A thorough and ongoing internal training program
• Periodic compliance audits
• Periodic updating and reviewing of this Policy to ensure that it remains current

---

What is MONEY LAUNDERING and FINANCING TERRORISM (ML/TF)?

Money laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of their criminal activities. The main legislation regulating money laundering in Singapore is the Monetary Authority of Singapore Act 1970.

Money laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of their criminal activities.

Financing of Terrorism means the act of providing or collecting funds with the intention that they be used, or in the knowledge that they are to be used, in order to carry out terrorist acts.

While the techniques for laundering funds vary considerably and are often highly intricate, there are generally three stages in the process:

Placement: The physical disposal of cash proceeds derived from illegal activity.

Layering: Separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the source of money, subvert the audit trail and provide anonymity.

Integration: Creating the impression of apparent legitimacy to criminally derived wealth. These three stages may occur as separate and distinct phases. They may also occur simultaneously or more commonly, overlap. How money is laundered depends on the circumstances. If the layering process has succeeded, integration schemes place the laundered proceeds back into the economy in such a way that they re-enter the financial system appearing to be normal business funds. Money remittance services are often used by money launderers and terrorist financiers in the layering stage to disguise the origin and real purposes of funds.

The main legislation regulating money laundering in Singapore is Monetary Authority of Singapore Act 1970. In particular, it is mentioned as offence to Money laundering and Financing of Terrorism.

(1) The Authority may, from time to time, issue such directions or make such regulations concerning any financial institution or class of financial institutions as the Authority considers necessary for the prevention of money laundering or for the prevention of the financing of terrorism.

27B: The Authority may, from time to time, issue such directions or make such regulations concerning any financial institution or class of financial institutions as the Authority considers necessary for the prevention of money laundering or for the prevention of the financing of terrorism.

(1A) In particular, the directions and regulations under subsection
(1) may provide for —
(a) customer due diligence measures to be conducted
by financial institutions to prevent money laundering and the financing of terrorism; and
(b) the records to be kept for that purpose.
(2) A financial institution which —
(a) fails to comply with a direction issued to it under subsection (1);
(b) contravenes any regulation made under subsection (1); or
(c) contravenes subsection (1B),

shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $1 million and, in the case of a continuing offence, to a further fine of $100,000 for every day or part of a day during which the offence continues after conviction.

The Payment Services Act 2019 came in effective form 28 January 2020 which will supersede the Terrorism (Suppression of Financing) Act (the “TSOFA”) and the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (“CDSA”) for money laundering and Financing of the terrorism.

---

PENALTIES FOR MONEY LAUNDERING AND FINANCING OF TERRORISM

The Company has a statutory duty to comply with AML/CFT regulations to prevent money laundering and the financing of terrorism, and to report suspicious transactions. All employees must therefore comply with this Policy strictly. Should there be a breach of this policy, the Company’s Chief Compliance Officer (“CCO”) must be informed of said breach immediately.

---

AML/CFT LEGISLATION/NOTICE IN SINGAPORE

Other applicable AML/CFT legislation/Notice in Singapore includes: The Payment Services Act 2019 (“PS Act”) is

• Monetary Authority of Singapore (“MAS”) Notice PSN01 “Prevention of Money Laundering and Countering the Financing of Terrorism – Holders of Payment Services License (Specified Payment Services)”; and
• MAS Notice PSN02 “Prevention of Money Laundering and Countering the Financing of Terrorism – Holders of Payment Service License (Digital Payment Token Service)”.

---

GENERAL AML/CFT OBLIGATIONS

Know your client/client due diligence:

The purpose of conducting Know Your Client (“KYC”) / Client Due Diligence (“CDD”) checks is to prevent the Company from being used, intentionally or unintentionally, for illicit activities such as money laundering or financing terrorism.

The Company must not deal with any person on an anonymous basis or any person using a fictitious name. KYC/CDD checks must be performed in the following circumstances:

When an account relationship is established with any customer
When a transaction for a customer who does not have an established account relationship is undertaken
When a transfer of funds*(local or cross-border transactions) for a customer who does not have an established account relationship is affected or received
If money laundering or terrorism financing is suspected
If there are any doubts as to the veracity or adequacy of any information previously obtained
*KYC/CDD checks must be performed regardless of the amount involved in any particular transaction.

How to perform standard KYC/CDD checks

The following information for a standard KYC/CDD check must be obtained and verified:

Natural persons

• Full name, including any aliases
• Unique identification number (e.g. NRIC, passport number, birth certificate number, etc)
• Residential address
• Date of birth
• Nationality
• Telephone number
• E-mail address

Legal persons or legal arrangements

• Full name of entity
• Unique identification number (e.g. UEN or business registration number, etc)
• Registered business address or principal place of business
• Telephone number
• E-mail address
• Date of establishment, registration, or incorporation
• Place of registration or incorporation
• Legal form (e.g. company, trust, foundation, society, etc)
• Constitution and powers (e.g. company constitution, trust deed, etc)
• Full names, including aliases, of persons connected to the client (e.g. shareholders, directors, officers, trustees, etc)
• Unique identification numbers (e.g. NRIC, etc) of persons connected to the client
• Nature of the client’s business, and its ownership and control structure

All identification documents should be current and not expired. Digitally-generated documents such as ACRA business registration reports should be recent (<3 months old) and ideally should be obtained directly by the Company rather than through the client. Note: A “legal person” is an entity other than a natural person that can establish a permanent customer relationship with a financial institution or otherwise own property (e.g. a company). A “legal arrangement” means a trust or other similar arrangement.

Verification of an authorized person’s identity

It is common for companies to appoint an authorized person to act or carry out instructions on the company’s behalf. If the Company is instructed by an authorized person, the following additional details of the authorized person must be obtained and the person’s identity and authority to act for the entity must be verified:

• Full name, including any aliases
• Unique identification number (e.g. NRIC, passport number, birth certificate number, etc)
• Residential address
• Date of birth
• Nationality
• Documentary evidence authorizing the person to act for the entity
• Specimen signature
• Contact person in the entity to contact and verify the authorized person’s details

Verification of a Singapore Government entity

If the client is a Singapore Government entity, the Company is only required to obtain information to confirm that the entity is in fact a Singapore Government entity as claimed. Singapore Government entities are regarded as Low risk.

Verification of beneficial owners

The Company must enquire if there are beneficial owners in relation to the client. If there are beneficial owners, the Company must conduct the following KYC/CDD checks.

Legal persons: Identify the natural persons who ultimately own or control the legal person. In the absence of such persons, the persons with executive authority (e.g. CEO) must be identified.

Legal arrangements: Identify the settlors, trustees, protector (if any), beneficiaries (including every beneficiary that falls within a designated characteristic or class), and any natural person exercising ultimate ownership or effective control over the trust, and the equivalent positions for any other type of legal arrangement. To identify beneficiaries of trusts that are designated by characteristics or by class, the Company is required to obtain sufficient information concerning the beneficiary to satisfy that it is able to establish the identity of the beneficiary when the beneficiary intends to exercise its vested rights.

Prohibitions: The Company is prohibited from opening or maintaining anonymous client accounts or accounts under fictitious names.

Exceptions: The Company is not required to enquire about beneficial ownership if the client is: an entity listed on the Singapore Exchange; an entity listed on a stock exchange outside Singapore that is subject to regulatory disclosure requirements and requirements for adequate transparency in relation to beneficial owners, imposed through stock exchange rules, law, or other enforceable means; a financial institution that is licensed, approved, registered, or regulated by MAS; Note: Does not include holders of stored value facilities, or persons exempt from licensing, approval or regulation by MAS under any Act administrated by MAS, including a private trust company exempted from licensing under section 15 of the Trust Companies Act (Cap. 336) read with regulation 4 of the Trust Companies (Exemption) Regulations (Rg. 1) (e) A person exempted under section 99(1)(h) of the Securities and Futures Act (Cap. 289) read with paragraph 7(1)(b) of the Second Schedule to the Securities and Futures (Licensing and Conduct of Business) Regulations;

a financial institution incorporated or established outside Singapore that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the Financial Action Task Force (“FATF”); or an investment vehicle where the managers are financial institutions under (c) – (f) above unless the Company has doubts about the veracity of the KYC/CDD information provided, or suspects that the client, account relationship, or a transaction may be connected with money laundering or terrorism financing.

Verification using independent source documents

The Company should always use reliable and independent source documents to obtain such information. Examples of independent source documents include NRIC, passport, ACRA/BizFile records, etc.

Requirement to understand nature of account relationships and transactions without account opening

The Company must ensure that it understands the purpose and intended nature of each application to establish an account relationship. The Company must document its findings with a view of making such information availabletotherelevantauthoritieswhere required. The Company’s policy is to not permit transactions without first establishing an account relationship with the client unless otherwise authorized by the CCO.

Review of past transactions

When the Company:

a) Establish an account relationship with a client; or
b) Undertake a transaction for a client that does not have an account relationship,

the Company should review past transactions to ensure that the current account relationship or transaction is consistent with the past transactions and the company’s knowledge of the client, its business and risk profile, and (where appropriate) its source of funds.

Ongoing monitoring

The Company must conduct ongoing monitoring of its account relationships with clients, including observing the conduct of the client accounts and ensuring that the account activity is consistent with the Company’s knowledge of the client, its business and risk profile, and (where appropriate) its source of funds. The Company should pay special attention to all complex, unusually large, or unusual patterns of transactions that have no apparent or visible economic or lawful purpose. The Company should, to the extent possible, understand the background and purpose of these transactions, and document the findings with a view of making such information available to the relevant authorities where required.

The Company should ensure that its KYC/CDD data is up-to-date by undertaking periodic reviews of existing KYC/CDD data, and requesting updated information where otherwise reasonably appropriate. The Company is required to report suspicious transactions.

If the Company reasonably suspects that an existing account relationship is connected with money laundering or terrorism financing, the Company must report this to the CCO immediately. An authorized senior manager of the Company (the “Authorizing Officer”) will then make a decision if the client will be retained. For the avoidance of doubt, a CCO is not precluded from being appointed as an Authorizing Officer.

If the Company chooses to retain the client, the Authorizing Officer must substantiate and document the reasons for retaining the client, and the client’s account must be monitored more closely.

Requirement for face-to-face contact

From a regulatory compliance perspective, an organization can establish an account relationship with a client, or undertake transactions for a client without an account relationship, even if the organization has not met the client face-to-face, so long as it has obtained prior written approval from MAS, upholds the same KYC/CDD standards as it would otherwise impose if it was meeting the client face-to-face, and has policies and procedures in place to address the risks associated with not meeting the client face-to-face.

The Company has developed highly sophisticated processes for digital onboarding and KYC. In view of the COVID-19 pandemic, and given the Company’s expertise in digitizing these processes, the Company’s policy is that a face-to-face meeting with the client is not required to establish an account relationship, provided that the clients are able to establish their identities and clears all KYC/CDD checks to the Company’s satisfaction.

Where the Company takes the view that digital onboarding is inadequate in a particular client’s circumstances and verification must be done in- person, you may arrange a face-to-face meeting with the client subject to the necessary safe management requirements. You must inform Entre Biz’s Safe Management Officer in writing in advance of the meeting, and provide supporting reasons for why in person verification is required, to ensure that Entre Biz has the necessary information in the event a visitor or Entre Biz employee tests positive for COVID-19.

AML/CFT compliance is a high priority to Entre Biz. Accordingly, you should always conduct comprehensive and thorough KYC/CDD procedures, even if it necessitates an in-person meeting with safe management requirements.

Acquiring the business of another financial institution

In the event the Company acquires the business, whether wholly or in part, of another financial institution (“Business”), the Company will perform KYC/CDD checks on all the clients acquired with the Business at the time of acquisition, except where:

a) The Company has also acquired the corresponding KYC/CDD records of the Business’s clients and has no doubts as to the veracity or accuracy of those records; and
b) The Company has conducted and documented due diligence on the Business and has no doubts that the Business’s AML/CFT measures are adequate.

Incomplete or unsatisfactory AML/CFT checks

When the Company is unable to complete the measures as required by paragraphs 7, 8 and 9 of the MAS Notice PSN01 and paragraphs 6, 7 and 8 of MAS Notice PSN02 the Company shall not commence or continue an account relationship with any customer or undertake any relevant business transaction without an account being opened for any client. The Company shall consider if the circumstances are suspicious so as to warrant the filing of the STR.

Joint accounts

KYC/CDD checks must be performed on all joint account holders.

Existing customers

If the Company has any clients preceding this Policy that were not subject to the KYC/CDD checks described in this Policy, those checks must now be performed on the clients.

Screening

All parties subject to KYC/CDD checks (including clients, authorized persons

c) Politically exposed person’s lists;
d) Money laundering or terrorism financing lists; and
e) Any other lists or information provided by MAS or any other Singapore Government authority.

Screening results must be documented and retained for future reference in accordance with the record keeping and retention section of this policy.

---

ENHANCED DUE DILIGENCE

When must the Company perform Enhanced Due Diligence?

The Company must perform Enhanced Due Diligence (“EDD”) checks on clients if they meet any of the following criteria: the client is a politically exposed person (“PEP”); the client or any beneficial owner of the client is from or a resident of a country or jurisdiction for which the FATF has called for action (see Appendix 1);

The client or any beneficial owner of the client is from 6

or in a country or jurisdiction that the Company or MAS has deemed to have inadequate AML/CFT measures;

or Any other instance in which the Company feels that standard KYC/CDD checks are inadequate or where the client presents a higher risk of money laundering or terrorism financing.

What additional checks must be performed for EDD?

In addition to all CDD checks, the Company must perform the following for EDD

• Alert the CCO;
• Obtain approval from an Authorizing Officer about whether to establish or continue an
• account relationship with a client or undertake any transactions for the client;
• perform KYC/CDD checks on the beneficiary/recipient of the funds;

Establish, by appropriate and reasonable means, the client’s source of wealth, each beneficial owner’s source of wealth, and the source of funds of the acting on behalf of clients, connected parties such as shareholders, directors, or officers, beneficial owners, etc) shall be screened against the following information sources:

a) Sanctions lists;
b) relevant transaction; and enhance the frequency,
c) degree, and nature of monitoring the client’s account relationship and transaction behaviors
to assess if it is unusual or suspicious.
d) If a client is a domestic PEP (i.e. from Singapore), international organization PEP (e.g. United Nations), or a retired or former PEP, or a family member or close associate thereof, the Company should undertake and document a risk assessment to establish if the client falls under the high -risk category of beinginvolvedorhavinganyconnectionsofmoney launderingorterrorismfunding.

If the client is not in the high-risk category, the Company may submit a request to the CCO to perform a standard KYC/CDD check instead of an EDD check.

Relying on third-party AML checks

MAS’s AML/CFT regulatory framework permits reliance on third-party AML checks subject to certain conditions. However, the Company does not permit this at present, as it has not obtained written approval from MAS to do so. Therefore, the Company has to conduct AML/CFT checks as prescribed in this Policy without reliance on third-party AML checks until otherwise notified by way of an update to this Policy.

A “third-party AML check” means the outsourcing or conduct of the AML process, including KCY/CDD checks by a third-party.

Utilizing a third-party database such as Refinitiv (formerly Thomson Reuters World Check) or Dow Jones Risk & Compliance, in order to conduct KYC/CDD checks against PEP, AML, terrorism, and sanctions watch lists, is not in itself outsourcing the AML process to a third-party. It is merely using a database subscription to assist the Company to conduct its own KYC/CDD checks.

Risk assessment

As part of the Company’s KYC/CDD processes, a risk assessment of every client must be conducted after conducting the necessary AML processes including verification of the client’s details and screening. Risk assessments must be conducted holistically and all the circumstances of the client or transaction must be taken into account including but not limited to:

• The identification of the client (and beneficiary/recipientwhereappropriate);
• The country or jurisdiction the client is from or in;
• The nature of the client’s work or operations; and

The details,volume,andquantumofthetransaction(s)carried out by the client (and beneficiary/recipient appropriate).

The Company uses 3 tiers of risk assessment categories: Low, Normal, and High

Clients requiring EDD are generally considered to be High risk clients. This does not mean that the Company cannot on-board them as clients, but they will need further approvals from the CCO and Approving Officer, and require ongoing monitoring and frequent checks to ensure that any AML/CFT risks are minimized.

Singapore Government entities are considered Low risk. Please see Verification of a Singapore Government entity for the relevant KYC/CDD requirements in such a scenario

---

APPOINTMENT OF AGENTS

The Company does not appoint agents to assist in the provision of its remittance business except where the agency arrangement has been documented in writing and approved by the CCO and an Authorizing Officer. If the Company wishes to appoint an agent to assist in the provision of the Company’s remittance business, the following steps must be undertaken:

a) Appropriate steps must be taken to identify, assess, and understand the AML/CFT risks associated with the jurisdictions in which the agent operates;
b) AML/CFT checks and ongoing monitoring must be performed on the agency;
c) Ensuring the agency has not been black-listed or prohibited from operating by MAS; and
d) Submitting a request to the CCO and obtaining a written confirmation from the Authorizing
Officer to proceed.

The CCO must maintain a current list of the Company’s agents and, upon request, must make this list available to the MAS and any other relevant authorities in the jurisdictions where the agent operates.

---

WIRE TRANSFERS

This section sets out the Company’s internal risk-based policies, procedures and controls to determine when to execute, reject, or suspend a wire transfer that lacks the required information.

If the Company orders a wire transfer, the Company must identify the wire transfer originator and verify his/her/its identity (if this has not been done when conducting KYC/CDD checks) and record information such as the date of the transfer, type of transfer, amount of transfer, currency, etc.

If the Company is the ordering institution in relation to a wire transfer, all transfer originator and beneficiary information collected by the Company must be documented.

Cross-border wire transfers

Transfers below or equal to S$1,500

If the Company is the ordering institution, it must include in the message or payment instructions accompanying the transfer all of the following information (the “Cross-Border Transfer Information”):

a) The transfer originator’s name;
b) The transfer originator’s account number (or uniquec) transaction number if no account number exists)
c) The transfer beneficiary’s name; and
d) The transfer beneficiary’s account number (or unique transaction number if no account number exists).

Transfers below or equal to S$1,500 through an intermediary institution in Singapore

If the Company is the ordering institution and is making a transfer through an intermediary institution in Singapore, the following information may be included in the message or payment instructions:

a) The unique transaction number;
b) The transfer beneficiary’s name; and
c) The transfer beneficiary’s account number.

To facilitate this reduced scope of information, the Company’s unique transaction numbers must permit the transactions to be traced back to the transfer originators and beneficiaries, and the Company shall provide the Cross-Border Transfer Information to the beneficiary institution. The Company shall also provide the full Cross-Border Transfer Information within 3 business days of receiving a request by the MAS, an intermediary institution in Singapore, or any other relevant authority in Singapore. If requested by a law enforcement authority in Singapore, the Company shall provide the Cross- Border Transfer Information immediately.

Transfers exceeding S$1,500

If the Company is the ordering institution, it must include in the message or payment instructions accompanying the transfer the Cross-Border Transfer Information set out above, and any of the following information about the transfer originator (collectively, the “Expanded Cross-Border Transfer Information”):

a) Residential address, business address, or principal place of business if different from the business address;
b) Unique identification number (e.g. NRIC, passport, or UEN); or Date of birth, incorporation or
registration.

Transfers exceeding S$1,500 through an intermediary institution in Singapore

Similar to transfers below or equal to S$1,500, if the Company is the ordering institution and is making a transfer through an intermediary institution in Singapore, the following information may be included in the message or payment instructions:

a) The unique transaction number
b) The transfer beneficiary’s name; and
c) The transfer beneficiary’s account number.

To facilitate this reduced scope of information, the Company’s unique transaction numbers must permit the transactions to be traced back to the transfer originators and beneficiaries and the Company shall provide the Expanded Cross-Border Transfer Information to the beneficiary institution.

The Company shall also provide the Expanded Cross- Border Transfer Information within 3 business days of receiving a request by the MAS, an intermediary institution in Singapore, or any other relevant authority in Singapore. If requested by a law enforcement authority in Singapore, the Company shall provide the Expanded Cross- Border Transfer Information immediately.

Bundling cross-border wire transfers

Where several individual cross-border transfers from the same transfer originator are bundled in a batch file for transmission to transfer beneficiaries, The Company must ensure that the batch transfer file contains all the verified transfer originator and transfer beneficiary information that would be required if the transfer was not bundled.

Domestic wire transfers

a) If the Company is an ordering institution, the Company must include in the message or payment instructions accompanying the transfer the following information (collectively, the “Domestic Transfer Information”): Transfer originator’s name
b) Transfer originator’s account number (or unique transaction number if no account number exists)
c) Any of the following:

i. Residential address, business address, or principal place of business if different from the business address;
ii. Unique identification number (e.g. NRIC, passport, or UEN); or
iii. Date of birth, incorporation or registration

The Company may include only the transfer originator’s account number (or unique transaction number if no account number exists) in the message or payment instructions accompanying the transfer if it would be sufficient to allow the transactions to be traced back to the transfer originators and beneficiaries.

The Company shall provide the Domestic Transfer Information within 3 business days of receiving a request by the MAS, an intermediary institution in Singapore, or any other relevant authority in Singapore.

If requested by a law enforcement authority in Singapore, the Company shall provide the Domestic Transfer Information immediately.

Inability to comply

If the Company is unable to comply with the wire transfer requirements set out above, the wire transfer must not be executed.

Where the Company is a beneficiary institution

Cross-border transfers

If the Company is the beneficiary institution:

a) Reasonable measures must be taken to identify cross-border wire transfers that lack the necessary Cross- Border Transfer Information or Expanded Cross-Border Transfer Information;
b) Where funds are paid in cash or cash equivalents, the Company must identify and verify the transfer beneficiary if it has not already been verified.

If any of the above measures cannot be performed, the CCO must be alerted immediately.

Where the Company controls both the ordering and beneficiary institution

If the Company controls both the ordering and beneficiary institution in a wire transfer, all transfer information from the ordering and beneficiary institution must be taken into account to determine if it is a suspicious transaction.

If found to be a suspicious transaction, the Company must file a Suspicious Transaction Report.

Where the Company is an intermediary institution

If the Company is an intermediary institution in relation to a particular wire transfer, all information accompanying that wire transfer (the “Accompanying Information”) must be retained.

If the Company effects a wire transfer to another intermediary or beneficiary institution, Accompanying Information must be provided to that intermediary or beneficiary institution.

If technical limitations prevent Cross-Border Transfer Information or Expanded Cross-Border Transfer Information from remaining with a related domestic wire transfer, a record of all the information received from the ordering or other intermediary institution must be kept for at least 5 years.

Cross-border wire transfers that lack the required Cross-Border Transfer Information or Expanded Cross-Border Transfer Information must be identified and reported to the CCO.

---

RECORD-KEEPING AND RETENTION

The Company must create, maintain, and/or retain all records prescribed by this Policy The Company is required to document KYC/CDD checks, and PEP, AML, terrorism, and sanctions watch list checks, as evidence that the necessary KYC/CDD has been conducted on the dates contained therein.

All transaction records must be detailed enough that any individual transaction undertaken by the Company can be reconstructed, including the amount and type of currency involved, with a view to providing evidence for prosecution of criminal activity.

All records may be submitted to MAS or any other relevant authority in Singapore to assess the Company’s AML/CFT compliance efforts.

All KYC/CDD information, and data, documents, or information relating to a transaction or wire transfer, must be kept for a minimum of 5 years from the termination of the client account or completion of the transaction or wire transfer.

---

TREATMENT OF PERSONAL DATA

No right of access and correction of personal data

Subject to the exceptions below, the Company is not required to provide individual clients (natural persons) any access to or correction of that individual’s personal data under the control of the Company. Similarly, the Company is not required to provide information about the ways in which that individual’s personal data has been or may have been used or disclosed by the Company.

Exceptions

Notwithstanding the above, if the requesting individual is a client of the Company, appointed to act on a client’s behalf, connected to a client, or a beneficial owner of a client, that individual has the right to be given access to his:

• full name, including aliases
• unique identification number
• residential address
• date of birth
• nationality
• other personal data unless exempted under the Fifth Schedule to the Personal Data Protection Act 2012 (“PDPA”),

As soon as reasonably practicable.

An individual shall also have the right to correct an error or omission in relation to the types of personal data above, provided the Company is satisfied that there are reasonable grounds for such request.

No consent required in relation to this Policy

Under the PDPA, an individual’s consent is ordinarily required to collect, use, or disclose that individual’s personal data.

However, for the purposes of this Policy, the Company may directly or indirectly collect, use, and disclose personal data of an individual client, an individual appointed to act on behalf of the client, an individual connected party of a client, or an individual beneficial owner of a client, without that individual’s consent.

Nevertheless, the Company should take reasonable precautions to handle personal data with care, including protecting it, ensuring that it is not leaked or made available to the public, and that it is not used for purposes other than the AML/CFT purposes outlined in this Policy.

---

SUSPICIOUS TRANSACTION REPORTING

General obligation

Under section 39 of the CDSA, the Company has a general obligation to file a STR if it knows or has reasonable grounds to suspect that any property may be the proceeds of criminal conduct, connected in any way with criminal conduct, whether wholly or partly, directly, or indirectly. This obligation applies regardless of whether a prospective client has been on boarded or whether a transaction has just been initiated or completed.

A failure to comply with STR obligations is an offence, therefore all employees are required to comply strictly with all STR requirements.

Suspicious transactions

All transactions suspected of being connected with money laundering or terrorism financing must be reported immediately to the CCO with supporting documentation and reasons why the relevant transaction is believed to be suspicious.

Suspicious circumstances

The CCO must be alerted immediately in suspicious circumstances, such as where KYC/CDD checks cannot be completed for any reason, or where the client is reluctant, unable, or unwilling to provide information requested by the Company, or decides to withdraw or terminate a client account or pending transaction when asked for information. You should include supporting documentation and reasons why you believe the circumstances are suspicious.

Submitting suspicious transaction reports

The CCO will promptly review all alerts relating to suspicious transactions and suspicious circumstances. Upon confirmation that a transaction or circumstances are suspicious, the CCO shall promptly submit a Suspicious Transaction Report (“STR”) to a Suspicious Transaction Reporting Officer (“STRO”). If an STR is filed in relation to a suspicious transaction, a copy of the STR should also be sent to MAS.

---

ADMINISTRATION

Chief Compliance Officer

The CCO is a management-level executive and has been selected due to the CCO’s experience and qualifications in compliance matters.

The Chief Compliance Officer is:

Mr. Uttam Kumar.

The CCO is empowered to access all customer records and other relevant information that the CCO may deem required in the course of fulfilling the CCO’s duties.

Audit

The Company, through the CCO, conducts independent audits of its AML/CFT policies, procedures, and controls, and regulatory compliance. All employees are required to comply with and assist the auditors in the course of their audits.

Training

The Company conducts periodic training on AML/CFT topics, including:

• AML/CFT laws
• Money laundering and Terrorism financing techniques and strategies
• The Company’s own AML/CFT policies, procedures, and controls
• KYC/CDD measures
• Detecting and reporting suspicious transactions or circumstances.

All employees and staff are required to attend these training sessions.

New services

This Policy should be revisited where the Company introduces new services, with a view to assessing whether the new services pose any AML/CFT risk. The Policy should be updated where necessary to address AML/CFT risks arising from the new services.

---

SOP REVISION HISTORY

---

APPENDIX 1: LIST OF FATF HIGH-RISK AND OTHER MONITORED JURISDICTIONS

High-Risk Jurisdictions subject to a Call for Action (the “Black List”)

High-risk jurisdictions have significant strategic deficiencies in their regimes to counter money laundering, terrorist financing, and financing of proliferation. For all countries identified as high-risk, the FATF calls on all members and urges all jurisdictions to apply enhanced due diligence, and in the most serious cases, countries are called upon to apply counter-measures to protect the international financial system from the ongoing money laundering,terrorist financing, and proliferation financing (ML/TF/PF)risks emanating from the country.

• Democratic People’s Republic of Korea (DPRK)
• Iran

Source: https://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/documents/increased- monitoring-march-2022.html

Jurisdictions under Increased Monitoring (the “Grey List”)

Jurisdictions under increased monitoring are actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing. When the FATF places a jurisdiction under increased monitoring, it means the country has committed to swiftly resolve the identified strategic deficiencies within agreed timeframes and is subject to increased monitoring.

The FATF does not call for the application of enhanced due diligence to be applied to these jurisdictions, but encourages its members to take into account the information presented below in their risk analysis.

• Albania
• Barbados
• Burkina
• Faso
• Cambodia
• Cayman Islands
• Gibraltar
• Haiti
• Jamaica
• Jordan
• Mali
• Morocco
• Myanmar
• Nicaragua
• Pakistan
• Panama
• Philippines
• Senegal
• South Sudan
• Syria
• Türkiye
• Uganda
• United Arab Emirates
• Yemen

Source: Documents – Financial Action Task Force (FATF) (fatf-gafi.org)

Black List and Grey List correct as at June 2022