Anti-Money Laundering (AML) Policy

Last Updated: 5/22/2025

1. Introduction and Regulatory Framework

YafPay is committed to the highest standards of Anti-Money Laundering (AML) compliance and requires all management and employees to adhere to these standards to prevent the use of our services for money laundering purposes. This policy is designed in accordance with:

  • The Financial Action Task Force (FATF) recommendations
  • Local AML legislation in all operating jurisdictions
  • The United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (1988)
  • The United Nations Convention against Transnational Organized Crime (2000)
  • International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation
  • Applicable African regional financial regulations including directives from the Central Bank of Nigeria (CBN), South African Reserve Bank (SARB), Central Bank of Kenya (CBK), and other relevant national authorities

This policy establishes the general framework for the fight against money laundering and financing of terrorism within YafPay business operations across Africa and globally.

2. Governance Structure and Compliance Officer

YafPay maintains a robust governance structure with clearly defined roles and responsibilities for AML compliance:

  • The Board of Directors has ultimate responsibility for ensuring YafPay compliance with AML regulations
  • The AML Compliance Committee oversees the implementation of this policy and reviews its effectiveness quarterly
  • The Chief Compliance Officer (CCO) is designated as the Money Laundering Reporting Officer (MLRO) and reports directly to the Board

The Chief Compliance Officer is responsible for:

  • Developing, implementing, and maintaining effective AML policies, procedures, and controls
  • Overseeing staff AML training programs and ensuring they remain up-to-date with emerging threats and regulatory requirements
  • Monitoring transactions and conducting enhanced due diligence investigations
  • Filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with relevant Financial Intelligence Units (FIUs)
  • Conducting regular risk assessments and independent audits of the AML program
  • Serving as the primary contact for regulatory authorities on AML matters
  • Providing quarterly reports to the Board on AML compliance matters

3. Risk-Based Approach to Customer Due Diligence (CDD)

YafPay employs a risk-based approach to Customer Due Diligence in accordance with FATF Recommendation 10, applying measures proportionate to the identified risks:

3.1 Standard Due Diligence

  • Collection and verification of legal name using government-issued photo ID
  • Verification of date of birth and nationality
  • Current residential address verification using utility bills, bank statements, or other official documents
  • Contact information verification through two-factor authentication
  • Purpose and intended nature of the business relationship
  • Source of funds assessment for initial transactions

3.2 Enhanced Due Diligence (EDD)

Enhanced due diligence is applied to higher-risk customers, including:

  • Politically Exposed Persons (PEPs) and their family members or close associates
  • Customers from high-risk jurisdictions as identified by the FATF
  • Customers with complex ownership structures or offshore connections
  • High-value accounts or transactions
  • Customers involved in cash-intensive businesses

EDD measures include:

  • Additional verification of identity documents through certified copies or biometric verification
  • Verification of source of wealth and funds through bank statements, tax returns, or employment verification
  • Understanding the nature of the customer business activities in detail
  • Obtaining senior management approval for establishing business relationships
  • Conducting ongoing monitoring with increased frequency and lower thresholds
  • Periodic re-verification of customer information at least annually

3.3 Business Entity Verification

  • Business registration documents and certificates
  • Tax identification number and regulatory licenses
  • Verification of business address and operating locations
  • Identification and verification of all beneficial owners with 25% or greater ownership
  • Identification of all executive officers, directors, and signatories
  • Review of audited financial statements or annual reports where applicable

4. Transaction Monitoring and Suspicious Activity Detection

YafPay employs sophisticated automated systems supplemented by human oversight to detect, analyze and report suspicious activities:

  • Real-time transaction screening against sanctions lists, PEP databases, and adverse media
  • Rule-based monitoring system to identify transactions that deviate from expected patterns, including:
    • Structuring or smurfing (multiple transactions below reporting thresholds)
    • Rapid movement of funds (in-and-out transactions)
    • Transactions with no apparent economic or lawful purpose
    • Transactions involving high-risk jurisdictions
    • Unusual patterns inconsistent with the customer profile
  • Behavioral analytics and machine learning algorithms to identify emerging patterns of suspicious activity
  • Specialized monitoring protocols for high-risk products, services, and customer segments
  • Systematic alert management with clear escalation procedures
  • Four-eyes principle for review of flagged transactions
  • Documentation of investigation outcomes and rationale for decisions

4.1 Transaction Thresholds and Limits

In accordance with regulatory requirements, YafPay implements the following measures:

  • Reporting of all cash transactions exceeding applicable regulatory thresholds (typically $10,000 or equivalent)
  • Risk-based transaction limits based on customer profile, account history, and risk assessment
  • Progressive authentication requirements for transactions of increasing value
  • Mandatory review of transactions meeting specific risk criteria by the AML team

5. Record Keeping and Data Protection

YafPay maintains comprehensive records in compliance with both AML regulations and data protection laws:

  • All customer identification records, account files, and business correspondence are maintained for at least 5 years after the termination of the business relationship
  • All transaction records are maintained for at least 5 years from the date of the transaction
  • Records of all filed reports and supporting documentation are securely maintained
  • Internal audit trails of AML compliance activities and decisions are preserved
  • Records are maintained in formats that ensure their integrity, confidentiality, and availability for regulatory inspection
  • Information security protocols including encryption, access controls, and secure backup systems are implemented
  • Records disposal follows secure destruction protocols after retention periods expire

All record keeping complies with applicable data protection regulations, including the General Data Protection Regulation (GDPR) where applicable, and local data protection laws.

6. Comprehensive Employee Training Program

YafPay AML training program is designed to create a culture of compliance:

  • Mandatory AML onboarding training for all new employees within 30 days of employment
  • Role-specific training modules for customer-facing staff, compliance team, and senior management
  • Annual refresher training for all employees
  • Quarterly updates on emerging threats, typologies, and regulatory changes
  • Training on identifying red flags specific to payment and remittance services
  • Training effectiveness assessment through tests and practical scenarios
  • Maintaining detailed records of all training sessions, materials, and employee attendance

Training curriculum includes:

  • Legal and regulatory framework of AML/CFT
  • Role-specific responsibilities in the AML program
  • Customer due diligence procedures and documentation requirements
  • Identification of suspicious activities and red flags
  • Internal reporting procedures and SAR filing requirements
  • Consequences of non-compliance for both the company and individual employees
  • Case studies relevant to the African financial landscape

7. Comprehensive Risk Assessment Methodology

YafPay conducts enterprise-wide risk assessments at least annually and after any significant changes to the business:

7.1 Risk Categories

  • Customer Risk: Categorization of customers based on occupation, business activities, PEP status, and geographic location
  • Geographic Risk: Analysis of countries of operation according to FATF designations, sanctions, corruption indices, and prevalence of financial crimes
  • Product/Service Risk: Assessment of vulnerability of different services to money laundering based on liquidity, anonymity, and complexity
  • Channel Risk: Evaluation of delivery channels (mobile, web, agent network) and their vulnerability to identity theft or fraud
  • Transaction Risk: Analysis based on volume, frequency, geographic routing, and counterparties

7.2 Risk Matrix and Scoring

Each risk factor is assigned a weighting and score based on its relative importance:

  • Low-risk customers: Simplified due diligence, standard monitoring
  • Medium-risk customers: Standard due diligence, enhanced monitoring
  • High-risk customers: Enhanced due diligence, intensive monitoring, periodic review
  • Unacceptable risk: Business relationship declined or terminated

The risk assessment methodology is documented and regularly reviewed by an independent third party.

8. Prohibited Activities and Sanctions Compliance

YafPay strictly prohibits any transaction that facilitates:

  • Money laundering, terrorist financing, or proliferation financing
  • Transactions related to sanctioned countries, entities, or individuals as designated by:
    • United Nations Security Council (UNSC)
    • Office of Foreign Assets Control (OFAC)
    • European Union
    • UK Office of Financial Sanctions Implementation (OFSI)
    • National sanctions lists in operating jurisdictions
  • Transactions related to illegal activities including drug trafficking, human trafficking, corruption, tax evasion, and fraud
  • Anonymous accounts or transactions
  • Shell banks or payment through non-transparent correspondent relationships
  • Transactions designed to evade reporting requirements

YafPay maintains a comprehensive sanctions screening program that includes:

  • Real-time screening of all transactions and customers against multiple sanctions lists
  • Regular updating of sanctions databases
  • Geolocation verification to prevent IP spoofing or VPN usage from sanctioned jurisdictions
  • Detailed procedures for investigating and resolving potential sanctions matches
  • Clear escalation procedures for confirmed sanctions hits

9. Regulatory Reporting Obligations

YafPay fulfills its reporting obligations to relevant authorities, including:

  • Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) filed with relevant Financial Intelligence Units (FIUs) when there is reasonable suspicion of money laundering or terrorist financing
  • Currency Transaction Reports (CTRs) for cash transactions above regulatory thresholds
  • Cross-border wire transfer reports as required by local regulations
  • Reporting of suspected sanctions violations to relevant authorities

YafPay reporting procedures include:

  • Clear internal escalation pathways from detection to investigation to reporting
  • Specific timelines for reporting based on regulatory requirements in each jurisdiction
  • Documentation requirements for supporting the decision to file or not file a report
  • Strict confidentiality provisions including no-tipping-off requirements
  • Procedures for responding to follow-up inquiries from authorities

10. Independent Audit and Quality Assurance

YafPay AML compliance program is subject to:

  • Annual independent testing by qualified third parties
  • Quarterly internal audits by staff independent of the compliance function
  • Regular compliance testing of key control points
  • Remediation tracking for identified deficiencies
  • Regular reporting of audit findings to the Board of Directors

The audit program evaluates:

  • Design and operational effectiveness of AML policies, procedures and controls
  • Compliance with regulatory requirements and internal policies
  • Effectiveness of risk assessment methodology
  • Adequacy of transaction monitoring systems
  • Staff knowledge and adherence to procedures
  • Quality and timeliness of regulatory reporting

11. Contact Information and Reporting Channels

For questions regarding this AML Policy or to report suspicious activity:

  • Contact our Compliance Officer at: compliance@yafpay.com
  • Anonymous internal whistleblowing hotline: ethics@yafpay.com
  • Postal address: YafPay Compliance Department, [Corporate Address]

YafPay prohibits retaliation against any employee who reports suspected violations in good faith and will maintain confidentiality to the extent permitted by law.

This Anti-Money Laundering Policy is reviewed and updated at least annually to reflect changing regulatory requirements, emerging risks, and industry best practices. The Board of Directors approves all substantive changes to this policy.