Anti-Money Laundering (AML) Policy

This Anti-Money Laundering (AML) Policy is established by CashForo LTD, a payment services provider incorporated and registered under the laws of the Republic of Cyprus. The Company provides digital payment gateway solutions to merchants and businesses across multiple jurisdictions. This Policy outlines the Company’s obligations and internal practices to prevent money laundering, terrorist financing, and related financial crimes, and reflects our commitment to maintaining the integrity and transparency of the global financial system. The Company adopts a zero-tolerance stance towards any illegal use of its platform and services and has implemented this Policy as a binding framework for all employees, clients, agents, and business partners.

The objective of this AML Policy is to establish robust internal systems and controls that are compliant with the applicable legal and regulatory requirements in Cyprus and the European Union. These include the identification, prevention, detection, and reporting of any activity that may be related to money laundering, terrorist financing, or financial crime. The Policy aims to minimize legal, regulatory, and reputational risks by promoting a culture of compliance and accountability throughout the organization.

This Policy is based on the provisions of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (Law 188(I)/2007), as amended, and is aligned with relevant EU Directives including Directive (EU) 2015/849 (4th AMLD), Directive (EU) 2018/843 (5th AMLD), and Directive (EU) 2018/1673 (6th AMLD). It incorporates the guidelines and best practices issued by the Cyprus Securities and Exchange Commission (CySEC), the Central Bank of Cyprus, and international standards such as the FATF Recommendations. Where applicable, this Policy also respects the requirements of the General Data Protection Regulation (GDPR) with regard to the processing of personal data during due diligence procedures.

For the purposes of this Policy, “Money Laundering” refers to the process of concealing the origins of illegally obtained funds so they appear to be legitimate. “Terrorist Financing” refers to the act of providing funds or financial support to individuals or groups engaged in terrorism, whether or not the funds were derived from a criminal activity. A “Client” is any individual or legal entity that engages in a business relationship with the Company. “Politically Exposed Person (PEP)” refers to a person holding a prominent public function, including their immediate family and close associates. “Beneficial Owner” means the natural person(s) who ultimately own or control a legal entity.

The Board of Directors of CashForo LTD is ultimately responsible for the approval and oversight of this AML Policy. Day-to-day implementation and monitoring is delegated to the Company’s appointed Compliance Officer, who possesses the appropriate knowledge and experience to carry out AML obligations effectively. The Compliance Officer reports directly to the Board and has full authority to access any information relevant to AML compliance, perform risk assessments, and file Suspicious Activity Reports (SARs) to MOKAS (the Cyprus Financial Intelligence Unit) as required. The Company ensures independence of the Compliance function and provides necessary resources to maintain effective AML compliance across all business units.

The Company applies a risk-based approach to AML compliance. It performs periodic assessments of risks associated with its customers, geographical regions, services, delivery channels, and transaction patterns. These assessments determine the level of due diligence required for each client and influence ongoing monitoring activities. High-risk relationships, such as those involving PEPs or clients from non-cooperative jurisdictions, are subject to enhanced scrutiny and oversight. The results of the risk assessment are documented, reviewed annually, and updated as necessary based on regulatory developments or changes in the business environment.

As part of its KYC process, the Company collects and verifies the identity of all customers prior to establishing a business relationship. For natural persons, the Company requires a valid government-issued identification document and proof of address. For legal entities, the Company collects incorporation documents, details of directors, shareholders, and beneficial owners. The Company screens clients against international sanctions lists and databases for negative media or politically exposed status. Where necessary, the Company applies Enhanced Due Diligence (EDD), including source of wealth and source of funds verification. Ongoing monitoring is applied to detect suspicious activity during the lifecycle of the client relationship.

The Company maintains an internal control system tailored to its size, structure, and risk exposure. This includes written procedures for client onboarding, transaction monitoring, staff training, and suspicious transaction reporting. All employees are required to undergo AML training during onboarding and annually thereafter. Internal audits are conducted to test the effectiveness of AML controls and ensure adherence to this Policy. Records of all transactions, due diligence documents, communications, and reports are retained for at least five years, in accordance with legal obligations. The Company ensures that any third-party service providers or agents involved in client onboarding or payments also comply with equivalent AML standards.