Anti-Money Laundering (AML) Policy

1. Introduction and Policy Statement

1.1 Purpose

This Anti-Money Laundering (AML) Policy establishes the framework for Geotopup Technology Solutions ("Geotopup," "we," "us," or "our") to prevent, detect, and report money laundering, terrorist financing, and other financial crimes across all our products and services.

1.2 Commitment

Geotopup is committed to:

• Preventing our services from being used for money laundering or terrorist financing
• Complying with all applicable Nigerian and international AML/CFT laws and regulations
• Implementing robust systems and controls to identify and mitigate financial crime risks
• Cooperating fully with law enforcement and regulatory authorities
• Maintaining the integrity of Nigeria's financial system
• Protecting our business, customers, and stakeholders from financial crime

1.3 Applicable Services

This AML Policy applies to all Geotopup services, with particular emphasis on:

• Geotopup Wallet: Financial transactions, bills payments, virtual cards
• Tradewyre: Cryptocurrency trading, buying, selling, swapping
• OneRoam: Travel bookings and international payments
• Social Boosta: Payment processing for social media services

2. Legal and Regulatory Framework

2.1 Nigerian Laws and Regulations

This AML Policy is designed to comply with:

• Money Laundering (Prohibition) Act, 2022 - Principal AML legislation in Nigeria
• Terrorism (Prevention and Prohibition) Act, 2022 - Counter-terrorism financing framework
• Economic and Financial Crimes Commission (EFCC) Act - Establishes EFCC's mandate
• Central Bank of Nigeria (CBN) Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Regulations, 2022
• Nigerian Financial Intelligence Unit (NFIU) Regulations
• Securities and Exchange Commission (SEC) Rules and Regulations
• Banks and Other Financial Institutions Act (BOFIA)
• Advance Fee Fraud and Other Fraud Related Offences Act

2.2 International Standards

We also align with international best practices, including:

• Financial Action Task Force (FATF) Recommendations - Global AML/CFT standards
• Wolfsberg Principles - AML guidelines for financial institutions
• United Nations Security Council Resolutions - Sanctions and terrorist financing
• Egmont Group Standards - Financial intelligence exchange

2.3 Regulatory Authorities

We cooperate with and report to:

• Nigerian Financial Intelligence Unit (NFIU) - Suspicious transaction reporting
• Economic and Financial Crimes Commission (EFCC) - Money laundering investigations
• Central Bank of Nigeria (CBN) - Financial services regulation
• Securities and Exchange Commission (SEC) - Digital assets regulation
• Nigeria Police Force (NPF) - Criminal investigations
• Special Control Unit Against Money Laundering (SCUML) - Designated non-financial businesses

3. Scope of Application

3.1 Covered Persons

This AML Policy applies to:

• All directors, officers, and employees of Geotopup
• Third-party service providers and contractors
• Agents, representatives, and business partners
• Any person acting on behalf of Geotopup

3.2 Covered Activities

This policy covers all financial activities, including:

• Customer onboarding and account opening
• Payment processing and fund transfers
• Cryptocurrency transactions (buying, selling, swapping, sending, receiving)
• International payments and remittances
• Virtual card issuance and usage
• Merchant services and payment acceptance
• Travel bookings and cross-border payments

3.3 Geographic Scope

While primarily operating in Nigeria, this policy applies to:

• All Nigerian operations and transactions
• Cross-border transactions involving Nigerian customers
• International users accessing Nigerian-based services
• Partnerships with foreign service providers

4. Risk Assessment and Management

4.1 Money Laundering Risk Factors

We assess and monitor the following risk factors:

Customer Risk Factors:

• Customer type (individual, corporate, trust)
• Customer location (high-risk jurisdictions)
• Business activities and occupation
• Expected transaction patterns and volumes
• Source of wealth and funds
• Politically Exposed Persons (PEPs) status
• Adverse media or watchlist hits

Product/Service Risk Factors:

• Cryptocurrency trading (higher risk due to anonymity)
• Virtual USD cards (cross-border transaction risks)
• International payments and remittances
• High-value transactions
• Anonymous or pseudonymous transactions

Geographic Risk Factors:

• Transactions involving FATF high-risk jurisdictions
• Countries with weak AML/CFT controls
• Sanctioned countries or territories
• Known tax havens or offshore financial centers
• Conflict zones or politically unstable regions

Transaction Risk Factors:

• Unusually large or frequent transactions
• Transactions inconsistent with customer profile
• Structured transactions to avoid reporting thresholds
• Rapid movement of funds (in and out)
• Use of multiple accounts or payment methods
• Transactions involving high-risk countries

4.2 Risk-Based Approach

We apply a risk-based approach to AML compliance:

• Low Risk: Standard CDD procedures
• Medium Risk: Enhanced monitoring and periodic reviews
• High Risk: Enhanced Due Diligence (EDD), senior management approval, continuous monitoring

4.3 Enterprise Risk Assessment

We conduct periodic enterprise-wide AML risk assessments to:

• Identify and evaluate money laundering and terrorist financing risks
• Assess the adequacy of existing controls
• Develop risk mitigation strategies
• Update policies, procedures, and systems
• Report findings to senior management and board

5. Know Your Customer (KYC) Procedures

5.1 Identity Verification Requirements

All customers must provide the following for identity verification:

For Individual Customers:

• Full Name (as it appears on government-issued ID)
• Date of Birth
• Residential Address (with proof of address)
• Phone Number (verified via OTP)
• Email Address (verified)
• Government-Issued ID: National ID Card, International Passport, Driver's License, or Voter's Card
• Bank Verification Number (BVN)
• National Identification Number (NIN)
• Selfie Photo (for biometric verification)
• Source of Funds (for high-value accounts)

For Corporate Customers:

• Certificate of Incorporation
• Memorandum and Articles of Association
• Corporate Affairs Commission (CAC) documents
• Tax Identification Number (TIN)
• Board resolution authorizing account opening
• Identification of beneficial owners (holding ≥25% ownership)
• Identification of authorized signatories and directors
• Business address and proof
• Nature of business and expected transaction volumes

5.2 Verification Methods

We verify customer identity through:

• Automated identity verification services (e-KYC)
• BVN and NIN database checks
• Document verification (scanning and analysis)
• Facial recognition and liveness detection
• Third-party KYC service providers
• Manual review by compliance team (for complex cases)

5.3 Account Opening Restrictions

We will not open accounts for:

• Anonymous or pseudonymous customers
• Customers who refuse to provide required information
• Customers who provide false or misleading information
• Customers on sanctions lists or adverse media
• Shell companies with no legitimate business purpose
• High-risk customers without adequate due diligence
• Minors (under 18 years old) without parental consent

6. Customer Due Diligence (CDD)

6.1 Standard CDD Measures

For all customers, we perform:

• Identity verification using reliable, independent sources
• Collection of basic customer information
• Understanding the purpose and intended nature of the business relationship
• Assessment of customer risk profile
• Screening against sanctions lists and PEP databases
• Ongoing monitoring of transactions and account activity

6.2 Ongoing CDD

We conduct ongoing monitoring to:

• Ensure transactions are consistent with customer profile
• Update customer information regularly
• Identify unusual or suspicious transactions
• Reassess customer risk ratings periodically
• Respond to changes in customer behavior or circumstances

6.3 Periodic Review

Customer information is reviewed:

• Low Risk Customers: Every 3 years
• Medium Risk Customers: Annually
• High Risk Customers: Every 6 months or continuously
• Trigger Events: Large transactions, unusual activity, regulatory changes

7. Enhanced Due Diligence (EDD)

7.1 When EDD is Required

Enhanced Due Diligence is mandatory for:

• Politically Exposed Persons (PEPs) and their family members
• Customers from high-risk countries (FATF list)
• High-net-worth individuals with complex structures
• Customers engaged in high-risk businesses (MSBs, cryptocurrency exchanges, casinos)
• Customers with adverse media or negative news
• Non-face-to-face customer relationships
• Transactions exceeding NGN 5,000,000 (Five Million Naira)
• Cryptocurrency transactions exceeding $10,000 USD equivalent

7.2 EDD Measures

Enhanced Due Diligence includes:

• Obtaining additional identification documents
• Verifying source of wealth and source of funds
• Understanding ownership and control structure (for legal entities)
• Conducting background checks and adverse media screening
• Obtaining senior management approval for account opening
• Enhanced transaction monitoring and lower thresholds
• More frequent periodic reviews (at least every 6 months)
• Conducting in-person interviews where feasible
• Obtaining references from reputable sources

7.3 Ongoing Enhanced Monitoring

High-risk customers are subject to:

• Real-time transaction monitoring
• Daily transaction reviews by compliance team
• Lower alert thresholds for unusual activity
• Restrictions on transaction limits and volumes
• Mandatory verification for large transactions

8. Transaction Monitoring and Screening

8.1 Automated Transaction Monitoring

We deploy automated systems to monitor and detect:

• Unusually large transactions
• Rapid movement of funds (layering)
• Structured transactions (smurfing)
• Transactions inconsistent with customer profile
• High-risk country transactions
• Multiple transactions just below reporting thresholds
• Cryptocurrency mixing or tumbling activities
• Dormant account reactivation with high volumes

8.2 Red Flag Indicators

Our monitoring systems flag the following suspicious patterns:

Transaction Red Flags:

• Transactions with no apparent economic purpose
• Frequent deposits followed by immediate withdrawals
• Use of multiple accounts or wallets to fragment transactions
• Transactions involving sanctioned entities or jurisdictions
• Round-dollar or round-cryptocurrency amounts
• Transfers to newly created accounts
• Payments for services not rendered

Customer Behavior Red Flags:

• Customer reluctance to provide information
• Frequent changes to customer information
• Evasive or uncooperative behavior
• Transactions inconsistent with stated business
• Multiple customers using same IP address or device
• Use of VPN or anonymization services

8.3 Reporting Thresholds

We report the following to Nigerian authorities:

• Cash Transactions: Single transactions ≥ NGN 5,000,000 (NFIU)
• International Transfers: Transfers ≥ $10,000 USD equivalent (NFIU)
• Cryptocurrency Transactions: Transactions ≥ $10,000 USD equivalent (SEC/NFIU)
• Suspicious Transactions: All suspicious activities regardless of amount (NFIU)
• Attempted Transactions: Rejected transactions due to suspicion (NFIU)

9. Suspicious Activity Reporting

9.1 Obligation to Report

All employees must immediately report any suspicious activities or transactions to the AML Compliance Officer, including:

• Suspected money laundering or terrorist financing
• Transactions that appear unusual or lack economic rationale
• Customer behavior that raises suspicion
• Attempted transactions that are declined due to suspicion
• Discovery of false or misleading information

9.2 Suspicious Transaction Report (STR)

When suspicious activity is identified, we:

• Document all relevant facts and circumstances
• Conduct internal investigation and analysis
• Prepare a Suspicious Transaction Report (STR)
• File STR with Nigerian Financial Intelligence Unit (NFIU) within 7 days
• Maintain confidentiality (no tipping-off the customer)
• Preserve all supporting documentation
• Cooperate with law enforcement investigations

9.3 Currency Transaction Report (CTR)

For cash transactions exceeding NGN 5,000,000, we file a Currency Transaction Report (CTR) with NFIU within 7 days.

9.4 International Funds Transfer Report (IFTR)

For international transfers exceeding $10,000 USD equivalent, we file an International Funds Transfer Report (IFTR) with NFIU within 7 days.

9.5 Confidentiality and Tipping-Off

It is a criminal offense to disclose (tip-off) to a customer or any third party that:

• A suspicious transaction report has been filed
• An investigation is underway
• Information has been provided to law enforcement

Violations may result in imprisonment and fines under Nigerian law.

10. Record Keeping and Documentation

10.1 Retention Requirements

In compliance with Nigerian law, we retain the following records:

• Customer Identification Records: Minimum 5 years after account closure
• Transaction Records: Minimum 5 years after transaction date
• KYC/CDD Documentation: Minimum 5 years after relationship ends
• STRs and CTRs: Minimum 5 years after filing
• Internal Investigation Reports: Minimum 7 years
• AML Training Records: Minimum 5 years
• Correspondence with Authorities: Minimum 7 years

10.2 Documentation Requirements

All records must be:

• Maintained in secure, electronic or physical formats
• Easily retrievable upon request by authorities
• Protected against unauthorized access, alteration, or destruction
• Backed up regularly to prevent data loss
• Available for production within 48 hours of regulatory request

10.3 Audit Trail

We maintain comprehensive audit trails for:

• All customer onboarding activities
• Transaction approvals and rejections
• Changes to customer information
• Alert generation and disposition
• STR filing and follow-up actions
• System access and user activities

11. Sanctions Screening and PEPs

11.1 Sanctions Lists

We screen customers and transactions against:

• United Nations Security Council Consolidated List
• Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) List
• European Union (EU) Consolidated Financial Sanctions List
• UK HM Treasury Financial Sanctions List
• Nigerian national sanctions lists
• Financial Action Task Force (FATF) high-risk jurisdictions
• Interpol Red Notices
• Global terrorism databases

11.2 Politically Exposed Persons (PEPs)

We identify and apply Enhanced Due Diligence to:

Foreign PEPs:

• Heads of state or government
• Senior politicians and government officials
• Senior military or judicial officials
• Senior executives of state-owned enterprises
• Important political party officials

Domestic PEPs:

• Nigerian government officials (federal, state, local)
• National Assembly members and state legislators
• Governors, ministers, and commissioners
• Judicial officers and heads of government agencies
• Military and security officials

PEP Family Members and Close Associates:

• Spouses and children
• Parents and siblings
• Business partners and close associates

11.3 PEP Risk Mitigation

For PEP accounts, we:

• Obtain senior management approval before account opening
• Verify source of wealth and source of funds
• Conduct enhanced ongoing monitoring
• Apply lower transaction thresholds for alerts
• Review accounts at least every 6 months

11.4 Prohibited Jurisdictions

We do not provide services to customers from or conduct transactions involving:

• Countries subject to comprehensive international sanctions
• FATF-identified high-risk jurisdictions (black list)
• Countries with strategic AML/CFT deficiencies (gray list)
• Non-cooperative jurisdictions for tax purposes

12. Staff Training and Awareness

12.1 Training Program

All employees receive comprehensive AML training covering:

• Nigerian AML/CFT laws and regulations
• Money laundering and terrorist financing typologies
• Red flag indicators and suspicious activity detection
• KYC/CDD procedures and customer verification
• Transaction monitoring and reporting obligations
• Sanctions screening and PEP identification
• Confidentiality and tipping-off prohibitions
• Penalties for non-compliance
• Role-specific responsibilities

12.2 Training Schedule

• New Employees: AML training within 30 days of hire
• Annual Refresher Training: All employees participate in annual AML training
• Specialized Training: Compliance and risk teams receive advanced training
• Ad-Hoc Training: Training when regulations change or new risks emerge

12.3 Training Records

We maintain records of:

• Training attendance and completion
• Training materials and curriculum
• Assessment results and certifications
• Feedback and training effectiveness

13. AML Compliance Officer and Governance

13.1 AML Compliance Officer

We have designated an AML Compliance Officer responsible for:

• Overseeing the AML compliance program
• Ensuring compliance with laws and regulations
• Reviewing and approving policies and procedures
• Conducting risk assessments
• Filing STRs, CTRs, and other regulatory reports
• Liaising with regulatory authorities and law enforcement
• Managing AML training programs
• Reporting to senior management and board
• Investigating suspicious activities

13.2 Board and Senior Management Oversight

The Board of Directors and senior management:

• Approve AML policies and procedures
• Allocate adequate resources for AML compliance
• Review AML risk assessments and audit reports
• Receive regular updates on AML compliance
• Approve high-risk customer relationships
• Ensure a culture of compliance throughout the organization

13.3 Independent Audit and Testing

We conduct independent audits to:

• Assess the effectiveness of the AML program
• Identify control weaknesses and gaps
• Test transaction monitoring systems
• Review STR quality and timeliness
• Verify compliance with policies and procedures
• Recommend improvements and corrective actions

Audits are conducted at least annually by qualified internal or external auditors.

14. Prohibited Transactions and Activities

14.1 Prohibited Activities

We strictly prohibit the use of our services for:

• Money Laundering: Disguising the origins of illegally obtained money
• Terrorist Financing: Providing financial support to terrorist organizations
• Drug Trafficking: Proceeds from illegal drug trade
• Fraud and Scams: Advance fee fraud (419), romance scams, Ponzi schemes
• Human Trafficking: Exploitation and trafficking in persons
• Arms Trafficking: Illegal trade in weapons and ammunition
• Corruption and Bribery: Proceeds from corrupt practices
• Tax Evasion: Concealing income or assets to evade taxes
• Sanctions Violations: Transactions with sanctioned entities or countries
• Wildlife Trafficking: Illegal trade in endangered species
• Cybercrime: Hacking, phishing, ransomware, identity theft
• Child Exploitation: Any activity involving exploitation of minors

14.2 Consequences of Prohibited Activities

Customers engaged in prohibited activities will face:

• Immediate account suspension or termination
• Freezing of funds pending investigation
• Reporting to NFIU, EFCC, and other authorities
• Cooperation with law enforcement investigations
• Potential criminal prosecution
• Permanent ban from using Geotopup services

15. Enforcement and Penalties

15.1 Internal Disciplinary Actions

Employees who violate this AML Policy may face:

• Verbal or written warnings
• Suspension without pay
• Termination of employment
• Referral for criminal prosecution
• Civil liability for damages

15.2 Legal Penalties in Nigeria

Under Nigerian law, money laundering offenses carry severe penalties:

• Individuals: Imprisonment up to 14 years and/or fines
• Corporate Entities: Fines up to NGN 10,000,000 and license revocation
• Failure to Report: Imprisonment up to 2 years and/or fines
• Tipping-Off: Imprisonment up to 2 years and/or fines
• Terrorist Financing: Life imprisonment

15.3 Asset Forfeiture

Proceeds of crime and property used in money laundering are subject to:

• Temporary seizure pending investigation
• Permanent forfeiture upon conviction
• Confiscation by the Federal Government of Nigeria

16. Policy Review and Updates

16.1 Regular Review

This AML Policy is reviewed and updated:

• At least annually by the AML Compliance Officer
• When Nigerian or international AML laws change
• Following significant regulatory guidance or enforcement actions
• After internal audits identify deficiencies
• When new products or services are introduced
• In response to emerging money laundering trends or typologies

16.2 Continuous Improvement

We are committed to continuously improving our AML program through:

• Monitoring regulatory developments
• Benchmarking against industry best practices
• Investing in technology and automation
• Enhancing staff training and awareness
• Engaging with regulators and industry associations

17. Reporting and Contact Information

17.1 Internal Reporting

To report suspicious activities or AML concerns internally:

17.2 External Reporting (Regulatory Authorities)

Nigerian Financial Intelligence Unit (NFIU)

Website: https://nfiu.gov.ng
Email: info@nfiu.gov.ng
Address: Plot 1181, Memorial Drive, Central Business District, Abuja, Nigeria

Economic and Financial Crimes Commission (EFCC)

Website: https://efccnigeria.org
Email: info@efccnigeria.org
Hotline: 0800 693 3222
Address: No. 15A, Awolowo Road, Ikoyi, Lagos, Nigeria

17.3 Whistleblower Protection

Geotopup protects employees and customers who report suspicious activities in good faith:

• Reports can be made anonymously
• No retaliation against whistleblowers
• Confidentiality of reporter's identity maintained
• Protection from civil or criminal liability (under Nigerian Whistleblower Protection laws)