1. POLICY

This policy sets out the Company’s principles and measures adopted to ensure that the Company adheres with applicable laws and regulatory requirements in relation to combating money laundering, corruption and financing terrorism. This document describes the degree of due diligence to be applied for establishing, managing, monitoring and declassifying/terminating business relationships at the various stages of the client relationship lifecycle.

This document requires that the Company comply with the following basic principles:

i. Do not accept funds which the Company knows, or is expected to know, are proceeds of criminal activities.
ii. Do not enter into or maintain business relationships with shell banks
iii. Determine the identity of the contracting partner and beneficial owners
iv. Apply a risk-based approach
v. Undertake additional investigations for business relationships and transactions with increased risks
For employees, the main objectives of this policy are to:
i. Enhance awareness of all employees (especially higher-risk roles) to money laundering and financing terrorism risks to the business;
ii. Enable staff follow a Risk Based Approach to mitigating Anti Money Laundering (AML) and Counter Terrorism Financing (CFT) risks and provide reasonable assurance that the Company does not accept assets which it knows or should be reasonably be expected to know are proceeds of crime;
iii. Ensure that the Company remains complaint with all relevant money laundering legislation and regulation;
iv. Define a framework for staff encountering suspicious activity, transactions or behaviour to escalate/notify the Money Laundering Compliance Officer (MLCO) or compliance; v. Retain the confidence of FlashChange’s key stakeholders, including regulators and law enforcement

2. SCOPE

This policy applies to all business undertaken by the Company where it is required to identify and undertake due diligence for anti-money laundering purposes on client’s relationships. The policy applies to all employees of the Company and each member of staff must ensure they understand the personal role and responsibilities resulting from this policy.
Non-adherence to any part of this policy may lead to disciplinary action, up to including dismissal.

3. ROLES AND RESPONSIBILITIES

3.1. The Board

The Board will be responsible for approving this policy and ensuring the AML/CFT measures adopted by the Company are sufficiently robust and adequate for the Company’s operations. The Board will also have the responsibility to ensure that any staff involved in whistleblowing or making suspicious activity reports are protected from any form of victimisation.

3.2. Executive Management

The implementation and maintenance of an effective AML programme that meets the Company’s objectives will primarily be the responsibility of Executive Management led by the CEO. The Executive Management team must ensure adequate resources are made available for the implementation, review and control of the AML/CFT programme, including the appointment of an AML/CFT Compliance Officer with the relevant competence, authority and independence to undertake the institution’s AML/CFT compliance programme.

3.3. AML/CFT Compliance Officer

The duties of the AML/CFT Compliance Officer, among others, will include:
i. Developing an AML/CFT Compliance Programme;
ii. Providing reports to the Board on issues of the AML/CFT programme;
iii. Receiving and vetting suspicious transaction reports from staff;
iv. Filing suspicious transaction reports with the NFIU;
v. Rendering “nil” reports with the NFIU, where necessary to ensure compliance; vi. Ensuring that the Company’s compliance programme is implemented;
vii. Coordinating the training of staff in AML/CFT awareness, detection methods and reporting requirements; and
viii. Serving both as liaison officer with the SEC and NFIU and a point-of contact for all employees on money laundering and terrorist financing issues.

4. OVERVIEW AND POLICY FRAMEWORK

4.1. What is Money Laundering

Money Laundering is the process by which money that is illegally obtained is made to appear to have been legally obtained. By a large variety of methods, the nature and ownership of these criminal proceeds are concealed. The consequence is that the origin of and the entitlement of the money are disguised and the money can be reused to benefit the criminal and/or their associates.
This process is often achieved by converting the original illegally obtained proceeds which can take the form of cash, property, jewellery, into other forms such as deposits or securities and to confuse the audit trail by transferring them from one financial institution to another.

4.2. The Three Stages of Money Laundering

4.3. AML Policy

5. REGULATORY OVERVIEW

As a business registered and regulated in Nigeria, the Company is required to comply with two parallel regimes: the regulatory and legislative regimes.

5.1. Regulatory

The regulatory requirements as prescribed by the SECURITIES AND EXCHANGE COMMISSION (CAPITAL MARKET OPERATORS ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM) REGULATIONS, 2013 which aims to prevent and detect money laundering and to counter terrorism financing. To achieve this, the requirements set out system and controls (SYSC) rules that require senior management to establish appropriate procedures and controls to manage the risk of a Company’s products being used for the purposes of financial crime.

5.2. Legislative

The legislative requirements in MONEY LAUNDERING (PROHIBITION) (AMENDMENT) ACT (MLPA), 2012, THE TERRORISM (PREVENTION) ACT 2011 and THE TERRORISM (PREVENTION) (AMENDMENT) ACT, 2013 are the set of money laundering legislation applicable throughout Nigeria to the proceeds of all crimes. Within the legislation, there is a disclosure regime contained which makes it an offence for a Company or an employee of the Company not to disclose knowledge or suspicion of proceeds of crime and money laundering. The list of crimes includes, but not limited to:


• Participation in an organized crime groups and racketeering;
• Terrorism, including terrorist financing;
• Trafficking in human beings and migrant smuggling;
• Sexual exploitation, including sexual exploitation of children;
• Illicit trafficking in narcotic drugs and psychotropic substances;
• Illicit arms trafficking;
• Illicit trafficking in stolen and other goods;
• Corruption and Bribery;
• Fraud;
• Counterfeiting currency;
• Counterfeiting and piracy of products;
• Environmental crime;
• Murder, grievous bodily injury;
• Kidnapping, illegal restraint and hostage taking;
• Robbery or theft;
• Smuggling;
• Extortion;
• Forgery;
• Piracy; and
• Insider trading and market manipulation.

Further, the Company has the duty to:
• Ensure transactions above the threshold of N5,000,000 for individuals and N10,000,000 for corporate persons, or the equivalent in any currency, are reported to the NFIU.
• Ensure a transfer of funds or securities to or from a foreign country in excess of US$10,000 or its naira equivalent is reported to the Securities and Exchange Commission ("SEC").

5.3. Principal provisions of MLPA, 2012

The MLPA 2013 creates four main offences broadly described below:


• Participation in an organized crime groups and racketeering;
• Terrorism, including terrorist financing;
• Trafficking in human beings and migrant smuggling;
• Sexual exploitation, including sexual exploitation of children;
• Illicit trafficking in narcotic drugs and psychotropic substances;
• Illicit arms trafficking;
• Illicit trafficking in stolen and other goods;
• Corruption and Bribery;
• Fraud;
• Counterfeiting currency;
• Counterfeiting and piracy of products;
• Environmental crime;
• Murder, grievous bodily injury;
• Kidnapping, illegal restraint and hostage taking;
• Robbery or theft;
• Smuggling;
• Extortion;
• Forgery;
• Piracy; and
• Insider trading and market manipulation.

Further, the Company has the duty to:
• Ensure transactions above the threshold of N5,000,000 for individuals and N10,000,000 for corporate persons, or the equivalent in any currency, are reported to the NFIU.
• Ensure a transfer of funds or securities to or from a foreign country in excess of US$10,000 or its naira equivalent is reported to the Securities and Exchange Commission ("SEC").

5.3.1. Assistance

It is an offence for any person to acquire, use, possess, conceal, disguise, convert, transfer or remove property out of Nigeria, or to enter into an arrangement that they know or suspect facilitates the acquisition, retention, use or control of criminal property on behalf of another person.
It is an offence to assist anyone whom you know or suspect to be laundering any property obtained from criminal conduct. However, to be guilty of an offence of this type, the individual must have done more than simply committing the act of assistance, but have done so with requisite knowledge.

5.3.2. Failure to report

The mandatory reporting offence now applies to those working in the financial sector, such as the employees of this Company. It is an offence for any person that discovers information during the course of their employment that makes them know or suspect that criminal funds are being laundered or which raises reasonable grounds for suspicion and not report their knowledge to the Company’s designated Money Laundering Compliance Officer or law enforcement agencies.
In addition to the MLPA 2012, there is specific Nigerian legislation relating to terrorism. The main legislation, THE TERRORISM (PREVENTION) ACT 2011 AND THE TERRORISM (PREVENTION) AMENDMENT ACT, 2013 makes it an offence for those working in the regulated sector who fail to report (as soon as possible) knowledge, suspicion, or reasonable grounds for suspicion of offences or attempted offences relating to the following:
• Fund raising: covers inviting another to provide money or property to fund terrorism • Use and possession: covers using money or other property for the purpose of terrorism • Funding arrangements: Covers involvement in funding arrangements as a result of which money or other property is made available to terrorism

5.3.3. Retaining

Any person who retains the proceeds of a crime or of any illegal activity on behalf of another person commits an offence and will be liable on conviction to imprisonment for a term of not less than 5 years or to a fine equivalent to five times the value of the proceeds of the criminal conduct or to both such fine and term of imprisonment.

5.3.4. Tipping off

Even where suspicions are reported, staff must generally be careful not to alert the suspicions of the alleged launderer, as this can amount to an offence for the employee. This offence, if convicted, is punishable by a term of imprisonment of between two and three years or a fine of 500,000 naira to 1 million.

6. A RISK ASSESSMENT OF THE AML RISK

In order to comply with Section 3 of SEC requirements, we detail below the Anti-Money Laundering Risk Assessment for the Company.

The Company will undertake a risk based assessment of its money laundering risks with the aim of using internal and external information to identify the major risk areas in relations to our clients, products and services. In instances where risks have been identified as High or Higher, the Company will review the relationship at least annually. In addition, a Financial Crime Management Committee will be established and conduct meetings used to raise issues and questions regarding the application of the risk based approach.

6.1. Risk Based Approach

The Company will use appropriate risk variables to classify all its clients into one of four AML risk grouping; Higher, High, Medium or Lower Risk and ensure that these assessments are subject to regular review. The Company will consider a number of factors when determining the risk profile of a client. This will include, but not limited to, the clients Political Exposure (PEPs), geographic or domicile risks (Country location) and industry/ activity risks.
Overall, as part of the Company’s risk based approach, Management commit to:
• Establish clear client acceptance standards which elevate to require enhanced due diligence as the risk of the client increases
• Establish procedures relating to client identification and screening against appropriate information sources and/or databases to determine acceptability
• Establish procedures to ensure client profiling identifies the purpose and reasons of clients seeking a business relationship with the Company
• Ensure roles and responsibilities are clearly defined and documented
• Establish and conduct relevant training
• Appoint a designated money laundering compliance officer responsible for oversight of the AML program
• Establish monitoring procedures designed to identify and report unusual or suspicious activity • Maintain records of the client verification process and transactions for the period stipulated by law

7. CLIENT/CUSTOMER DUE DILIGENCE MEASURES

7.1. Who is our client?

8. CUSTOMER DUE DILIGENCE

During client identification and verification, an assessment will be made on the money laundering risk that a client might pose to the Company and on this basis determine which of the two measure will be applied:
• Enhanced due diligence (EDD) – for higher risk situations, clients operating in high risk jurisdictions, complex organisations, and politically exposed persons;
• Simplified due diligence (SDD) – which may be applied to certain Companies in the financial sector, companies listed on a regulated market, public authorities, certain pension funds and low risk products. 8.1. Enhanced due diligence (EDD)

Enhanced Due Diligence is required where the customer and product/service combination is considered to present a higher risk of money laundering or financing terrorism. There are a number of situations that can be counted as high risk such as:
• where you do not meet your client face to face;
• the jurisdiction in which the client is domiciled i.e. sensitive/high risk countries – see 8.2 for further details.
• the industry in which the client operates i.e. sensitive industry e.g. defence, Firearms or Tobacco; or
• where you are dealing with a politically exposed person (PEP) – See 8.3 for further details
Where the Company has assessed a client as having an increased risk profile, it may be appropriate to conduct enhanced due diligence procedures for that customer. Key considerations when undertaking a process of enhanced due diligence are to develop an understanding (and documentary evidence as applicable) of:
• Where the client’s funds and source of wealth/investment originate from;
• Other businesses the client may have investments in;
• The current and recent historical financial position of the prospective client;
• Any other entities or connected persons associated with the client;
• The identity of each beneficial owner and signer.
• Press/media coverage of the client or its beneficial owners
• The anticipated account activity levels, products, services and geographic dispersion of transactions for the client.
A high-risk customer does not mean that they are involved in money laundering or other criminal activity but that there is an increased opportunity to be involved.

Politically Exposed Persons (PEPs)
When applying EDD measures, the category of PEPs comprises of higher-ranking public officials, members of parliament, and such persons’ immediate families and close associates. Prominent PEPs can pose a higher risk because their position may make them vulnerable to corruption. Relationships of this nature should obtain approval from the Money Laundering Compliance Officer and CEO before commencing business with them.
Where the client is already a client of the Company and has an ongoing relationship with us and is identified to be a PEP, approval must be obtained the Money Laundering Compliance Officer and the CEO in order to continue the business relationship.
What is a PEP?
The Company must consider risks associated with providing services to individuals or entities which are associated with Politically Exposed Persons (PEPs). For the purpose of this manual, the Financial Action Task Force (FATF) definition of PEP will be relied on and is as follows:

Domestic PEPs: individuals who are or have been entrusted domestically with prominent public functions, for example Heads of State or of government, Governors, Local government chairmen, senior politicians, senior government officials, judicial or military officials, senior executives of state owned corporations, important political party officials, family members and close associates and Members of Royal Families.
Foreign PEPs: individuals who are or have been entrusted with prominent public functions by a foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials.
International organisation PEPs: persons who are or have been entrusted with a prominent function by an international organisation, refers to members of senior management or individuals who have been entrusted with equivalent functions, i.e. directors, deputy directors and members of the board
Family members are individuals who are related to a PEP either directly (consanguinity) or through marriage or similar (civil) forms of partnership i.e. spouse, partner, children and their spouses or partners, and parents.
Close associates are individuals who are closely connected to a PEP, either socially or professionally. They are persons with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relationships, or who is a sole beneficial owner of a legal entity or arrangement set up by the primary PEP.
When dealing with PEPs, the staff employee responsible for client onboarding should undertake enhanced due diligence procedures to satisfy themselves of the legitimacy of the client’s source of funds and nature of the business, and also consider the requirement for enhanced ongoing monitoring of that account activity for potentially suspicious behaviour.
If due diligence checks identify a client as a PEP or having a link with a PEP, the client’s file must be referred to the Money Laundering Compliance Officer for sign off from both MLRO and CEO before onboarding the client. 8.2. Simplified Due Diligence (SDD)

Simplified due diligence is the lowest level of due diligence that can be completed on a client. This is appropriate where there is little opportunity or risk of your services or customer becoming involved in money laundering or terrorist financing.
When completing simplified due diligence, there is no requirement to verify your customer's identity to the extent of a standard or enhanced due diligence approach. However, the business relationship must be continually monitored for events which may trigger a requirement for further due diligence in future.
Typically, clients that are required to disclose information regarding their ownership structure and business activities or companies that are subject to the Money Laundering Regulations are seen to be a lower risk.
For instance, where the client is a financial services business subject to Money Laundering Requirements, and is not a money service operator, verification will end once proof of their status has been obtained e.g. Capital Market Operators.
Also, if the client is a public authority in Nigeria or listed on a regulated market they may be perceived to be a lower risk as they are required to disclose information, so SDD may be applied.
If at any point during the relationship with your customer, additional intelligence becomes available which suggests that the customer or product may pose a higher risk than originally thought, a more enhanced level of due diligence should be conducted and the issue raised with the Money Laundering Compliance Officer. Who qualifies for simplified due diligence? The following clients and products qualify:

• Capital Market Operators provided they are subject to requirements for the combat of money laundering and terrorist financing which are consistent with the provisions of this Manual and are supervised for compliance with them;
• Public companies (listed on a securities exchange or similar situations) that are subject to regulatory disclosure requirements;
• Government ministries and parastatals /enterprises;
• Life insurance policies where the annual premium and single monthly premium are within the threshold determined by NAICOM;
• Insurance policies for pension schemes if there is no surrender - value clause and the policy cannot be used as collateral;
• A pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member’s interest under the scheme; and
• Beneficial-owners of pooled-accounts held by Designated Non-Financial Businesses and Professions (DNFBPs) provided that they are subject to requirements to combat money laundering and terrorist financing consistent with the provisions of Money Laundering (Prohibition) Act.

9. INTRODUCTIONS BY AN INTERMEDIARY WHO IS AN AGENT OF THE CLIENT

When dealing with Intermediaries, blind reliance should not be placed on intermediaries/third parties. The responsibility for client identification and verification remains with us and we must take all necessary steps to obtain assurance that adequate AML measures are implemented by the intermediaries.
Where the intermediary has an outsourcing or agency relationship, business relationship or accounts with us and is acting on behalf of a client there is no obligation to identify and verify the client provided appropriate documentation is obtained from the intermediary. This is only applicable where the Company has established a business relationship with the intermediary. This relationship will include a formal agreement and analysis of the intermediary’s disciplinary record; product provided; operational experience and any other relevant information available. Intermediaries must be reviewed annually and assessed to ensure that it is appropriate to rely upon their confirmation.
Where the intermediary has no outsourcing or agency relationship, business relationship or accounts with us, the relationship should be treated differently, and due diligence is to be performed. Relevant staff will be required to verify the intermediary as well as the underlying client and must satisfy themselves that the intermediary:
• Is able to provide the necessary information concerning its due diligence process;
• Is regulated/governed in accordance with the core principles of AML/CFT measures;
• Is able to make available copies of identification data and other relevant documentation relating to CDD requirements upon request without delay; and
• Will provide account information where request for relevant authorities

10. RECORD KEEPING

The money laundering Regulations requires the Company to retain records concerning Clients identification and transactions for use as evidence in any possible future investigation. Collection of client’s information facilitates the establishment of the identity and verification of the Client and it’s the Company’s policy to retain copies of such documents for five years after the relationship with the Client has ended.
The full scope of records to be maintained should cover:
• Client information
• Transactions
• Internal and external suspicion reports
• MLRO annual report
• Training and compliance monitoring

11. STAFF TRAINING

It is the policy of the Company that all new staff are given Anti Money Laundering training prior to commencing their role or within a reasonable period of commencement if they are qualified by prior experience.
• Regulatory requirements are that every relevant member of staff receives adequate training on money laundering and terrorist financing prevention. At the Company, training may take place either through electronic learning, face to face talks, and ad-hoc emails. The training provided will be developed by under the guidance of the Money Laundering Compliance Officer in collaboration with Senior Management. The scope of training will cover, as a minimum, the following key areas:

➢ AML/CFT Regulations and offences
➢ The nature of Money laundering
➢ Money laundering ‘red flags’ and suspicious transactions, including trade-based money laundering typologies
➢ Reporting requirements
➢ Risk-based approach to AML/CFT
➢ Record keeping and retention policy
This declaration will also be made available for new joiners to attest within a reasonable timeframe after joining. This period should be no longer than 30 days.
A training register will be maintained to record the relevant training provided to each employee.
The Money Laundering Compliance Officer will be responsible for ensuring that a copy of the Annual AML/CFT training program is submitted to the SEC and NFIU before 31st December every year against the next year.

12. MONITORING

It is the responsibility of the Client relationship manager to conduct ongoing monitoring of the business relationship with their clients. Ongoing monitoring of a business relationship includes:


• Scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the Company’s knowledge of the client, his business and risk profile;
• Ensuring that the documents, data or information held by the Company are kept up to date.
Monitoring client activity helps identify, during the course of a continuing relationship, unusual activity. If unusual events cannot be rationally explained, they may involve money laundering or terrorist financing. Monitoring client activity and transactions throughout a relationship helps give greater assurance that the Company is not being used for the purposes of financial crime.
What is monitoring?

The essentials of any system of monitoring are that:
• it flags up transactions and/or activities for further examination;
• these reports are reviewed promptly by the right person(s); and
• appropriate action is taken on the findings of any further examination.
The Company will conduct monitoring in two ways.
Firstly, a manual system will be utilised and reliance will be placed upon employees’ alertness. It will rely upon such factors as employees’ intuition, direct exposure to a client face-to-face or on the telephone, and the ability, through practical experience, to recognise transactions that do not seem to make sense for that client. All potential issues will be discussed with the Money Laundering Compliance Officer.
Employees will further be trained to look for the following attributes:
• the unusual nature of a transaction: e.g., abnormal size or frequency for that client or peer group;
• the nature of a series of transactions: for example, a number of cash credits;
• the geographic destination or origin of a payment: for example, to or from a high-risk country; and
• the parties concerned: for example, a request to make a payment to or from a person on a sanctions list.
Secondly, compliance monitoring will be undertaken on a risk based approach and a sample of clients will be selected both new and existing. Such sampling may be by reference to specific types of transactions; the profile of the client, or by comparing their activity or profile with that of a similar, peer group of clients, or through a combination of these approaches.
Higher risk accounts and client relationships, such as a relationship with a PEP will generally require more frequent or intensive monitoring. In such cases, the compliance monitoring may be undertaken on a regular, say monthly basis, but this will be established in the Compliance Plan for the year. Senior management will be updated on a regular basis as to the frequency and numbers of monitoring reviews conducted and where necessary on an exception basis, the findings of those reviews.

SUSPICIOUS TRANSACTIONS “RED FLAGS”
When dealing with transactions, it is important that you as an employee of the Company are able to identify key signs that a transaction may be suspicious. Staff need to be aware and heightened their focus when dealing with:

• Transactions involving high-risk countries vulnerable to money laundering,
• Transactions involving shell companies.
• Transactions with correspondents that have been identified as higher risk.
• Large transaction activity involving monetary instruments such as traveler’s cheques, bank drafts, money order, particularly those that are serially numbered
• Transaction activity involving amounts that are just below the stipulated reporting threshold or enquiries that appear to test an institution’s own internal monitoring threshold or controls.

Customer facing/relations staff would need to be vigilant and pay special attention to all complex, unusual large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose. Such transactions or patterns of transactions include:
• significant transactions relative to a relationship,
• transactions that exceed certain limits,
• very high account turnover inconsistent with the size of the account balance or • Transactions which fall out of the regular pattern of the account’s activity.

TERORRIST FINANCING “Red flags”
• Persons involved in a transaction share an address or phone number, particularly when the address is also a business location or does not seem to correspond to the stated occupation (e.g., student, unemployed, or self-employed).
• Securities transaction by a non-profit or charitable organisation, for which there appears to be no logical economic purpose or for which there appears to be no link between the stated activity of the organisation and other parties in the transaction.
• Large volume of securities transactions through a business account, where there appears to be no logical business or other economic purpose for the transfers, particularly when this activity involves designated high-risk locations.
• The stated occupation of the clients is inconsistent with the type and level of account activity. • Multiple personal and business accounts or the accounts of non-profit organisations or charities that are used to collect and channel securities to a small number of foreign beneficiaries Escalation
Where an employee has reasonable grounds to suspect or detects a transaction which is irregular, the employee must raise this with the Money Laundering Compliance Officer as soon as possible. A review panel will be instituted immediately to investigate the matter, under the supervision of the ML Compliance Officer.
A record of every action undertaken during the investigation will be maintained, as well as the confidentiality of the ongoing investigation or the potential outcome.
The Review Panel will need to examine as far as possible, without tipping off the customer, the background and purpose for such transactions and set forth their findings in writing. Where the Panel concludes that sufficient or reasonable grounds exists to suspect that funds are the proceeds of criminal activity or related to terrorist financing, a suspicious activity report would be made to the NFIU. All suspicious transactions, including attempted transactions will be reported regardless of the amount involved.
All employees are prohibited from discussing the fact that a report is required to be filed with the authorities. This requirement applies regardless of whether the transactions involve tax matters or other things.