Anti-Money Laundering (AML) Policy

1. Introduction
VIVAWIN LIMITED ("the Company") is committed to preventing its services from being used
for money laundering and terrorist financing activities. This Anti-Money Laundering (AML)
Policy outlines our commitment to comply with all applicable laws and regulations, including
but not limited to:
• An Act to Provide for the Prevention of Money Laundering and for Matters Connected
Therewith or Incidental Thereto (2005);
• AML/CFT Law (2008).

2. Policy Statement
The Company is committed to:
• Implementing procedures to detect and prevent money laundering and terrorist
financing.
• Ensuring that all employees understand their responsibilities in combating money
laundering.
• Maintaining high standards of due diligence to safeguard the Company from being
used for money laundering activities.

3. Scope
This policy applies to all employees, consultants, contractors, and other third parties involved
in the processing of financial transactions on behalf of VIVAWIN LIMITED.

4. Definitions
4.1 Money Laundering (ML)
The process of concealing the origins of money obtained through illegal activities, such as
drug trafficking, corruption, and fraud, by passing it through a complex sequence of banking
transfers or commercial transactions.
4.2 Terrorist Financing (TF)
The provision of funds or other assets to individuals or organizations with the intention of
supporting terrorist activities.
4.3 Customer Due Diligence (CDD)
The process of identifying and verifying the identity of customers and understanding the nature
of their activities to assess the risk of money laundering or terrorist financing.
4.4 Politically Exposed Persons (PEPs)
Individuals who are or have been entrusted with prominent public functions, their family
members, and close associates.

5. Risk-Based Approach
The Company adopts a risk-based approach to AML compliance, focusing resources on areas
where the risk of money laundering and terrorist financing is higher.
5.1 Risk Assessment
The Company will conduct regular risk assessments to identify and assess the ML and TF
risks associated with:
• Customers
• Countries or geographic areas
• Products and services
• Transactions
• Delivery channels
5.2 Risk Mitigation
Based on the risk assessment, the Company will implement appropriate measures to mitigate
identified risks, including enhanced due diligence for higher-risk customers.

6. Customer Due Diligence (CDD)
6.1 Identification and Verification
The Company will obtain the following information from customers before establishing a
business relationship:
• Individual customers: Full name, date of birth, residential address, and an identification
document (e.g., passport, driver's license).
• Corporate customers: Company name, registration number, registered address,
articles of association, and identification of directors and beneficial owners.
6.2 Enhanced Due Diligence (EDD)
For higher-risk customers, including PEPs and customers from high-risk jurisdictions, the
Company will:
• Obtain additional information about the customer and the intended nature of the
business relationship.
• Verify the source of funds and wealth.
• Conduct more frequent and thorough ongoing monitoring of the relationship.
6.3 Ongoing Monitoring
The Company will continuously monitor customer transactions and activities to ensure they
are consistent with the customer's profile and risk level. This includes:
• Reviewing transaction patterns and volumes.
• Checking for any changes in the customer’s circumstances.
• Updating customer information regularly.

7. Reporting Suspicious Activities
7.1 Identifying Suspicious Activities
Employees must be vigilant for signs of suspicious activities, such as:
• Large, unusual, or unexplained transactions.
• Transactions that do not match the customer’s known profile or business activities.
• Attempts to evade reporting thresholds or AML controls.
7.2 Internal Reporting
Employees who identify suspicious activities must report them to the Money Laundering
Reporting Officer (MLRO) using the internal reporting form.
7.3 External Reporting
The MLRO will assess the internal reports and, if necessary, file a Suspicious Activity Report
(SAR) with the National Crime Agency (NCA).

8. Record Keeping
8.1 CDD and EDD Records
The Company will maintain detailed records of all CDD and EDD measures, including:
• Copies of identification documents.
• Information about the customer and the nature of the business relationship.
• Records of transactions and monitoring activities.
8.2 SAR Records
The Company will maintain records of all SARs submitted to the NCA, including:
• Internal reports and assessments.
• Copies of the SAR and any related correspondence.
8.3 Retention Period
All records will be retained for at least five years from the end of the business relationship or
the date of the transaction.

9. Training and Awareness
9.1 Employee Training
The Company will provide regular AML training to all employees, covering:
• AML laws and regulations.
• The Company's AML policies and procedures.
• How to identify and report suspicious activities.
• Customer due diligence and enhanced due diligence measures.
9.2 Ongoing Awareness
The Company will keep employees informed of any changes to AML laws and regulations and
update its policies and procedures accordingly.

10. Internal Controls and Audits
10.1 Internal Controls
The Company will implement robust internal controls to ensure compliance with AML
regulations and this policy, including:
• Segregation of duties.
• Regular monitoring and review of transactions.
• Approval processes for high-risk customers and transactions.
10.2 Audits
The Company will conduct regular audits of its AML practices and procedures to ensure they
are effective and comply with legal and regulatory requirements. Any deficiencies identified
during audits will be promptly addressed.

11. Transborder Personal Data Flow
11.1 Data Transfer Risk Assessment
The Company will conduct a risk assessment before transferring personal data across borders
to ensure that the data will be adequately protected.
11.2 Adequacy of Protection
The Company will ensure that personal data transferred to countries outside the UK and EEA
are protected by appropriate safeguards, such as:
• Adequacy decisions by the UK government.
• Standard Contractual Clauses (SCCs) approved by the UK government.
• Binding Corporate Rules (BCRs) for intra-group transfers.

12. Amendments and Updates
This policy will be reviewed and updated annually or as required to reflect changes in laws,
regulations, or business operations.

13. Contact Information
For questions or concerns related to this policy, please contact the Money Laundering
Reporting Officer:
VIVAWIN LIMITED
Hamchako, Mutsamudu, Autonomous Island of Anjouan, Union of Comoros
compliance@vivawin.io

Version 1.0

Last updated: 14 October, 2024