AML: ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING POLICY

Last updated: January 5th 2026

PB Labs Co., Ltd ("Propbase") is dedicated to maintaining and enforcing global standards for anti-money laundering (AML) and counter-terrorism financing (CTF). These standards are shaped by the most effective practices from the USA and internationally. To this end, Propbase has developed this comprehensive Anti-Money Laundering and Counter-Terrorist Financing Policy ("Policy") aimed at preventing and addressing money laundering activities, as well as any actions that support the financing of terrorism or other criminal endeavors.

Despite not being mandated by US AML regulations, Propbase proactively implements robust Know Your Customer (KYC) procedures, Customer Due Diligence (CDD), and Know Your Transaction (KYT) measures. These procedures and measures are integral to our risk management framework, helping us identify, evaluate, and mitigate risks associated with our operations.

This Policy document is subject to regular updates to ensure it remains current and effective in addressing emerging threats and regulatory requirements. In addition to this Policy, Propbase may establish supplementary policies and procedures as needed. These additional measures will be periodically reviewed and revised to respond to changes in the regulatory landscape and business environment.

For any inquiries or further information regarding this Policy, please feel free to contact us at : support@propbase.app . We are committed to transparency and welcome any questions or feedback to continually improve our AML and CTF efforts.

1. MONEY LAUNDERING AND TERRORISM FINANCING OVERVIEW

1.1. Money Laundering

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds in order for the proceeds to appear to have derived from legitimate sources or to constitute legitimate assets. Money laundering typically occurs in three stages:

  1. Placement: The cash generated by criminal activities first enters the financial system at the "placement" stage, where it is converted into monetary instruments or deposited into accounts at financial institutions.
  2. Layering: The funds are transferred or moved into other accounts or financial institutions during the "layering" stage to further separate the money from its criminal origin.
  3. Integration: The funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses during the "integration" stage.

The securities industry can be used to launder funds obtained from other sources as well as to generate illicit funds within the industry itself through fraudulent activities such as insider trading, market manipulation, ponzi schemes, and cybercrime

1.2. Terrorism Financing

Terrorist financing may not involve criminal proceeds but rather an attempt to conceal the origin of the funds or their intended use. Legitimate funding sources distinguish terrorist financiers from traditional criminal organizations. Legitimate sources of income include foreign government sponsors, business ownership, and personal employment, in addition to charitable donations.

1.3. Compliance Rules

Our AML policies, procedures, and internal controls are meticulously designed to comply with all applicable regulations. We conduct regular reviews and updates of these policies, procedures, and internal controls to ensure their continued effectiveness and relevance. This proactive approach allows us to adapt to both regulatory changes and evolving business conditions, ensuring that our measures are always aligned with the latest standards and best practices. By continuously refining and enhancing our AML framework, we are committed to maintaining robust defenses against money laundering and terrorist financing activities.

2. INTERNAL CONTROL STRUCTURE

2.1. Duties and Responsibilities

Propbase, through its Senior Management and compliance officers, is tasked with ensuring that the company maintains an effective system of internal controls to ensure ongoing compliance with BSA regulatory requirements. These internal controls encompass the policies, procedures, and processes designed to mitigate and manage the risks of money laundering (ML), terrorist financing (TF), and other illicit financial activities, while also ensuring adherence to BSA regulations.

The Senior Management Team plays a pivotal role in fostering a compliance-focused culture and establishing a structure that provides oversight and accountability. They ensure that Compliance Management effectively implements Propbase's BSA/AML internal controls. The scope and nature of these internal controls are tailored to suit Propbase's size, complexity, and organizational structure. Each department within Propbase, as part of a comprehensive BSA/AML compliance program, addresses specific risks and compliance requirements relevant to its line of business.

Propbase's Senior Management team includes all officers holding positions of director, manager, or equivalent roles, as well as any individuals directly involved in senior-level decision-making processes. Their internal control responsibilities include:

  • Adopting this Policy in line with relevant legislation, regulations, and enactments aimed at preventing money laundering and terrorist financing;
  • Ensuring continuity of controls despite changes in operations, management, or employee composition or structure;
  • Regularly reviewing and updating the Policy to ensure it effectively prevents money laundering and terrorist financing, and that risk assessments are current and accurate;
  • Defining and assigning specific BSA compliance responsibilities to personnel and providing oversight for their execution.

Employees are expected to adhere to these internal control systems and promptly report any suspected violations of Propbase's AML compliance to Senior Management. Such reports will be treated confidentially, and employees will be protected from retaliation for making them.

2.2. Compliance Officer

The role of the Compliance Officer at Propbase is fulfilled by a qualified individual or individuals, collectively referred to as the BSA Compliance Officer. Appointed by the board of directors, the Compliance Officer is responsible for overseeing and coordinating day-to-day compliance with the Bank Secrecy Act (BSA) regulatory requirements. This role is crucial for ensuring that Propbase adheres to all relevant AML (Anti-Money Laundering) and CTF (Counter-Terrorism Financing) regulations and standards.

In addition to their daily oversight responsibilities, the Compliance Officer is tasked with managing all aspects of Propbase's BSA/AML compliance program. This includes the development, implementation, and maintenance of the company's compliance policies and procedures, ensuring they are robust and effective in mitigating risks associated with money laundering, terrorist financing, and other illicit financial activities. The Compliance Officer works to ensure that Propbase's operations are in full compliance with all BSA regulatory requirements, aligning with the company's overall risk profile and regulatory expectations.

The appointment of the Compliance Officer is a strategic decision made by the board of directors, who bear the responsibility for ensuring that the appointed individual has the necessary authority, independence, and access to resources required to manage an effective BSA/AML compliance program. The board ensures that the Compliance Officer is empowered to act autonomously, free from undue influence, and equipped with the tools and support needed to perform their duties effectively.

To facilitate transparency and accountability, the Compliance Officer is required to provide regular reports to the board of directors. These reports must include detailed updates on the status of ongoing compliance efforts, any significant issues or challenges encountered, and the current state of adherence to BSA-related regulations. The Compliance Officer's reports serve as a critical communication tool, keeping the board informed about compliance activities and the effectiveness of the AML program. This regular reporting helps ensure that the board can provide appropriate oversight and support to the Compliance Officer, fostering a strong culture of compliance within Propbase.

2.3. Checking the Office of Foreign Assets Control Listings

On an ongoing basis, Senior Management will diligently ensure that customers do not appear on the list of Specially Designated Nationals and Blocked Persons (SDN list) or engage in transactions prohibited by the economic sanctions and embargoes administered and enforced by the Office of Foreign Assets Control (OFAC). To achieve this, we will regularly consult the SDN list and other listings of economic sanctions and embargoes. Additionally, we will subscribe to receive updates to ensure we have the most current information available.

Whenever there are updates to the SDN list and other sanction listings, Senior Management will promptly review existing customer accounts against the updated lists. This review process will be thoroughly documented to maintain accurate records of compliance checks and to ensure that any necessary actions are taken to address potential issues. By maintaining a proactive and continuous monitoring approach, Senior Management aims to prevent any transactions that could violate economic sanctions and ensure full compliance with OFAC regulations.

3. CUSTOMER IDENTIFICATION PROCEDURES

3.1. Know Your Customer (KYC)

The "Know Your Customer" (KYC) procedure serves as a crucial deterrent against unintended participation in money laundering and terrorist financing activities. KYC involves the thorough identification and verification of customer identities. Ensuring compliance with AML, KYC, and sanctions regulations remains a top priority for our management team. The Company is dedicated to implementing stringent compliance measures to address the growing regulatory demands.

To establish the identity of business applicants or customers for any relationship or transaction, the Company utilizes the verification services of Sum And Substance Ltd (UK) ("SumSub"). This process is carried out in accordance with relevant laws, ensuring that the sources, scope, and quality of the data provided by SumSub are satisfactory and reliable.

SumSub is a trusted partner of the Company, specializing in the collection and processing of customer data on the Company's behalf. As an experienced identity verification firm, SumSub efficiently handles the KYC/AML procedures required.

The Customer Identification Program (CIP) rule is applicable only to "customers" opening new "accounts" with a broker-dealer. Under Wyoming Statute, our Company's current activities do not classify it as a "broker-dealer."

Instead, the Company facilitates the exchange of open blockchain tokens. Despite this, we will still collect the necessary minimum customer identification information to verify identities as part of our KYC procedures.

If, during the course of establishing a business relationship, the Company:

  • Discovers or suspects, upon further verification, that the applicant for business or customer is or may be involved in money laundering or terrorist financing;
  • Fails to secure the full cooperation of the applicant for business or customer in completing the required verification process; or
  • Is unable to carry out the necessary customer due diligence or enhanced due diligence on the applicant for business,

The Company will:

  • Terminate the business relationship; and
  • The employee involved in this process must submit a report to senior management detailing their findings or suspicions regarding the applicant for business or customer, highlighting any concerns related to money laundering or terrorist financing.
3.2. Required Customer Information

Prior to providing any services for customers, we will collect the following information, if applicable, for any person, entity, or organization that is connected its wallet to our Marketplace:

  • Full name;
  • Date of birth (for an individual);
  • Email address;
  • Country of residence;
  • Phone number;
  • An address, which will be a residential or business street address (for an individual), an Army Post Office (APO) or Fleet Post Office (FPO) box number, or residential or business street address of next of kin or another contact individual (for an individual who does not have a residential or business street address), or a principal place of business, local office, or other physical location (for a person other than an individual); and
  • One or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard.
3.3. Verifying Information

We are committed to ensuring that we accurately know the true identity of our customers by employing risk-based procedures for verification and documentation. We use appropriate documents to verify a customer's identity when available, and given the increasing instances of identity fraud, we supplement documentary evidence with non-documentary methods as necessary. If uncertainty about a customer's true identity persists, we may use additional non-documentary means.

We will evaluate whether the identifying information we receive—such as the customer's name, street address, zip code, telephone number (if provided), and date of birth—allows us to form a reasonable belief that we know the customer's true identity. This includes assessing whether the information is logical and consistent.

Appropriate documents for verifying customer identities include:

  • For individuals: an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport.
  • For entities: documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument.

We understand that we are not required to investigate whether the document provided by the customer for identity verification is validly issued and that we may rely on government-issued identification as proof of identity. However, if we notice any obvious signs of fraud in the document, we must consider this in determining whether we can reasonably believe we know the customer's true identity.

After the customer's wallet is connected, we will verify the information within a reasonable time frame. Depending on the nature of the wallet and the requested transactions, we may refuse to complete a transaction until verification is completed, or in some cases, restrict the types of transactions pending verification. If we discover suspicious information indicating possible money laundering, terrorist financing, or other suspicious activity, we will file a Suspicious Activity Report (SAR) in accordance with applicable laws and regulations.

We recognize that the risk of not knowing the customer's true identity is higher for certain types of wallets. Customers posing a high risk of not being properly identified will be subjected to additional verification measures. These may include obtaining information about the individuals associated with the customer when standard documentary methods prove insufficient:

  1. Beyond verifying the existence of a legal person, the Company must also verify information regarding the legal person's directors, partners, beneficial owners, and individuals acting on behalf of the applicant for business or customer. Relevant documentation includes:
    • Register of Directors, Register of Partners, or similar documents.
    • Register of Shareholders or other similar documents.
  2. If the Company determines from its risk assessment that a legal person or the associated product/service channels present a higher level of risk, it shall perform Enhanced Due Diligence (EDD) and obtain additional information as deemed relevant.
  3. If the Company determines from its risk assessment that an individual or the associated product/service channels present a higher level of risk, it shall perform enhanced due diligence and obtain additional information as deemed relevant.

The Company takes reasonable measures to verify the beneficial owners or controllers of a legal person and updates information on any changes to beneficial ownership or control. During the onboarding process, the Company verifies the identity of the beneficial owner(s) and director(s) to ensure it knows who they are and understands the ownership and control structure. This process includes:

  • Asking for confirmation that the customer, if a natural person, is the beneficial owner of transactions performed with the Company.
  • Asking for information about the beneficial owner(s) and director(s) of a customer that is a legal entity.
  • Verifying the customer's beneficial owner using available state registers or documents confirming the customer's beneficial owners (e.g., registry extracts, registry cards).

The Company does not accept situations where a natural person (customer) is represented by another individual acting on their behalf and/or the customer is controlled by someone who is not the beneficial owner. The identities of beneficial owners and directors are verified regardless of the client's risk classification.

3.4. Identification and Monitoring of Politically Exposed Persons (PEPs)

The Company recognizes the heightened risks associated with providing services to Politically Exposed Persons (PEPs). As such, the Company implements measures to determine whether a customer, their beneficial owner, or their representative is a PEP, a family member of a PEP, or a close associate of a PEP. Upon identifying a customer as a PEP, the Company will automatically subject them to enhanced due diligence (EDD) measures and increased monitoring.

A Politically Exposed Person is someone who is or has been entrusted with a prominent public function. Relatives and close associates of PEPs, often referred to as PEPs themselves, include individuals who have a familial or close personal relationship with a PEP.

Family members and close associates of PEPs are also treated as PEPs, and the same EDD measures apply to them. These relationships typically include, but are not limited to:

  • A spouse;
  • A partner recognized by national law as equivalent to a spouse;
  • A child;
  • A spouse or partner of a child;
  • A sibling (including half-siblings);
  • A parent;
  • A parent-in-law:
  • A grandparent; or
  • A grandchild.

When establishing business relationships with PEPs, their family members, or close associates, the Company requires customers to disclose if they or any related persons are PEPs. The Company then applies the following specific measures:

  • Establishing the source of funds and source of wealth of the PEP, including obtaining more information than usual and verifying it against publicly available sources such as asset and income declarations;
  • Requiring senior management approval to initiate or continue a business relationship with the PEP;
  • Conducting enhanced monitoring of the business relationship, including increasing the frequency and detail of controls, obtaining information on the reasons for transactions, and scrutinizing transaction patterns.

Each customer is also checked against PEP watchlists, both manually and/or automatically, by the employee responsible for the onboarding process.

Even after a PEP leaves their position, their influence and prominence may persist, making them susceptible to bribery, corruption, and AML/TF risks. Therefore, the Company applies a risk-based approach to determine whether a former PEP should continue to be treated as such. Factors considered include:

  • Potential ongoing risks, such as pending legal proceedings or issues related to family members or close associates;
  • The level of (informal) influence the individual could still exert;
  • The seniority of the position held;
  • The time elapsed since leaving the PEP role;
  • Any connections between the former PEP's previous and current functions;
  • The inherent corruption risk in the jurisdiction of the individual's political exposure;
  • Transparency regarding the source of wealth and origin of funds; and
  • Any links to high-risk industries.
3.5. Record keeping

We will thoroughly document our verification process, including all identifying information provided by the customer, the methods used for verification, the results obtained, and the resolution of any discrepancies found during the verification process. Our records will detail every document used to verify a customer's identity, specifying the type of document, any identification numbers it contains, the place of issuance, and, where applicable, the issuance and expiration dates.

To combat and prevent money laundering, terrorist financing, and other financial crimes, the Company is required to retain the aforementioned data for a minimum of five years, in compliance with Anti-Money Laundering legislation.

4. CUSTOMER DUE DILIGENCE (CDD)

Customer due diligence (CDD) is a crucial element in the global effort to combat money laundering, terrorist financing, and fraudulent activities. Through this approach, we regularly collect information to identify our customers and understand their typical activities.

Every customer, along with their beneficial owners, associated parties, and any individuals acting on their behalf, will undergo a background check against relevant money laundering and terrorism financing databases to assess any potential risks.

We have developed, documented, and implemented written policies and procedures designed to identify and verify our customers in compliance with the Customer Due Diligence (CDD) Rule. Customers will be required to provide specific minimum CDD information. We will understand the nature and purpose of customer relationships to establish a customer risk profile. Additionally, we will continuously monitor transactions to identify and report any suspicious activities and update customer information based on risk assessments

4.1. Standard Customer Due Diligence

Standard Customer Due Diligence (CDD) involves several critical steps to accurately identify and verify customers. The main steps include:

  1. Customer Identification: This step involves gathering and recording information to establish the customer's identity. The information required varies depending on whether the customer is an individual, a legal entity, or a legal arrangement. For legal entities or arrangements, the Company collects details about the ownership and control structure, including identifying individuals responsible for managerial functions and directors, as well as any beneficial owners.
  2. Customer Identity Verification: This involves collecting evidence from reliable and independent sources to confirm the customer's identity and verify that the provided information is accurate. This verification process mitigates the risk of impersonation and fraud.
  3. Determining the Purpose or Intended Nature of the Relationship or Transaction: The Company must ascertain the reason the customer seeks to establish a business relationship or conduct a one-off transaction.
  4. Understanding the Customer and Their Context: The Company gathers information about the customer's business and activities to create a baseline profile. This profile helps in identifying any deviations in behavior. Relevant information includes:
    • Nature and details of the customer's business activities.
    • Assets held or managed (for trusts or holding companies).
    • Expected level and nature of activity throughout the business relationship.
    • Source of funds (e.g., income, business profits, investments, dividends, inheritance, property sale, business sale).
    • Source of wealth, especially in higher risk scenarios.
    • Rationale for a complex ownership or control structure.
    • Countries with which the customer intends to engage or has connections.
    • Whether the customer has a criminal record or is known to associate with criminals or criminal organizations.
    • Whether the customer is a Politically Exposed Person (PEP).

Depending on the assessed risk level of the customer, the Company may require additional independent information or documentation to verify the customer's details, such as:

  • Pay slips.
  • Employment letters.
  • Bank statements.
  • Business websites or brochures.
  • Business plans and financial projections.
  • Trade licenses.
  • Contracts or draft contracts.
  • Business databases or regulatory websites (for regulated entities).
  • Financial statements of legal entities or arrangements.
  • Evidence of source of wealth (e.g., inheritance documents, bills of sale, property sale receipts, trust deeds).
  • Reviews from internet and news media sources.
  • Searches on third-party sites and internationally accepted screening databases.

The Company will undertake Standard Customer Due Diligence in the following scenarios:

  • When establishing a business relationship.
  • When conducting a one-off transaction (including wire transfers) involving $5,000 or more, or a lower threshold as determined by the entity.
  • When there is a suspicion of money laundering or terrorist financing, regardless of any exemptions or thresholds, including for customers deemed low risk.
  • When a business relationship or transaction presents a higher risk scenario.
  • When there are doubts about the accuracy or adequacy of previously obtained customer identification data.
4.2. Enhanced Customer Due Diligence

Customers identified as high risk are required to undergo Enhanced Customer Due Diligence (EDD). In addition to standard CDD requirements, these customers must be subjected to more rigorous scrutiny. Due to the elevated risk, a higher level of due diligence is necessary. Ensuring the reliability of information and sources, as well as employing skilled analysts who can accurately gather, corroborate, and interpret data, is crucial to the integrity of the company's EDD process.

The specific EDD procedures will depend on the nature and severity of the identified risk. This additional due diligence may involve various steps, such as collecting more information to verify the customer's identity or income sources, or conducting adverse media checks. These checks should be appropriate to the level of risk to ensure that any potential threats are effectively mitigated.

To manage and mitigate the higher ML/TF risks, the following EDD measures may be implemented:

  • Obtain additional identification documents, data, or information from reliable and independent sources.
  • Collect more information or documentation regarding the purpose and nature of the business relationship.
  • Acquire further details or documents to identify the customer's source of funds and wealth.
  • Gather information about the underlying reasons for planned or executed transactions.
  • Increase the frequency and number of control measures for monitoring customer relationships and transactions.
  • Obtain authorization from Senior Management to establish or continue a business relationship with the customer.

Before establishing or continuing a relationship with a high-risk customer or conducting any transactions for them, approval from the Company's Board of Directors is required. The Board of Directors must provide and document written justifications for its decision to either approve or reject the high-risk customer.

4.3. Ongoing Monitoring

Ongoing monitoring involves continuously updating and enhancing KYC data for AML compliance to ensure that the information is current and comprehensive, reflecting any changes in circumstances.

The benefits of ongoing monitoring in AML include:

  • A more accurate assessment of risk based on the latest data.
  • Full compliance with up-to-date AML regulations.
  • Complete customer information to provide relevant services.

The Company will carry out ongoing monitoring to identify and report suspicious transactions and maintain and update customer information on a risk basis. This includes details about the beneficial ownership of legal entity customers. The customer risk profile will serve as a baseline to assess customer activity, helping to identify any transactions or behaviors that deviate from the norm. If such deviations are detected, the Company will investigate to determine if there have been any changes in the customer's circumstances and reassess the associated AML/CFT risks.

Data and information collected under the CDD process must be regularly updated and kept relevant through ongoing monitoring and periodic reviews. This is especially important for higher-risk customers.

Certain events may trigger the Company to review and update customer information and circumstances, such as:

  • A customer applying to establish a new relationship.
  • A customer changing their geographic location or requesting services from a new location.
  • A significant change in ownership and/or management structure.
  • A customer becoming a Politically Exposed Person (PEP), being placed on a sanctions list, or being linked to criminal activity.
  • Identification of unusual transactions or activities through transaction monitoring.

If the Company determines that a business relationship presents a higher risk, it will review and update the customer due diligence information for that customer at least once a year. For medium or low-risk business relationships, the Company will review and update the customer due diligence information at least once every five years.

4.4. Customer Checking

The Company employs continuous CDD systems capable of detecting if a customer, including their beneficial owner(s), has:

  • Become a Politically Exposed Person (PEP);
  • Become subject to sanctions; or
  • Been connected to illegal or higher-risk activities.

The Company regularly screens customers against sanctions lists and monitors press and media releases to identify any relevant updates.

However, periodic checks alone may not suffice, particularly concerning sanctions listings, which require prompt action (e.g., asset freezing). Therefore, the Company aims to review its customer base immediately upon receiving notifications of updated sanctions lists from competent authorities

4.5. Monitoring of Transactions

Transaction monitoring is essential for preventing money laundering, terrorist financing, and other illicit activities. To this end, the Company has implemented an effective monitoring system that:

  • Identifies unusual transactions and activities for further examination.
  • Enables Senior Management to promptly review these flagged transactions and activities.
  • Ensures appropriate actions are taken based on the review findings.

Signs of unusual transactions or activities may include:

  • Transactions, activities, or requests with no clear legitimate purpose or commercial justification.
  • Transactions, activities, or requests that are unnecessarily complex.
  • Transactions whose size or nature does not align with what is expected for that customer.
  • The customer conceals information about their activities, such as the transaction's purpose, the source of funds, or CDD documentation.
  • The customer conducts frequent, complex, one-off transactions typical of a business relationship, yet refuses to establish such a relationship.
  • Transfers to or from high-risk countries that do not match the customer's expected activity.
  • Unnecessary routing of funds through third-party accounts.
  • Unusual investment transactions lacking apparent purpose.
  • The customer displays extreme urgency in requests, especially if unconcerned about high transfer fees and early repayment fees.

The Company will consider whether transactions should:

  • Be monitored in real-time (i.e., as they occur or are about to occur), post-event (i.e., through retrospective analysis), or a combination of both.
  • Be monitored manually or automatically, depending on the nature, size, and complexity of the Company's business.
4.6. Procedures for Customers with Underlying Clients

Customers with underlying clients refer to individuals or entities involved in financial transactions, services, or business relationships with an institution or organization that is subject to Anti-Money Laundering (AML) regulations and compliance measures. These underlying clients are secondary or affiliated individuals or entities that indirectly benefit from or utilize the services provided by the institution through the primary customer account.

Procedures that may be applied to customers with underlying clients include, but are not limited to, enhanced due diligence (EDD), ongoing monitoring, transaction monitoring, AML policy review, and licensing review.

4.6.1. AML Policy Review

The AML policy review process includes, but is not limited to, the following steps:

  • Verifying that the AML policy is in alignment with the latest local, national, and international laws and regulations.
  • Reassessing the risk assessment to identify any emerging risks and changes in the risk landscape.
  • Reviewing the AML policy to ensure it contains all the necessary information for conducting due diligence on both primary and underlying clients.
  • Reassessing KYC procedures to ensure they capture all required customer information, including beneficial ownership data and source of wealth verification.
4.6.2. Licensing Review

The licensing review process includes, but is not limited to, the following steps:

  • Verifying that the licensing procedures comply with the latest local, national, and international laws and regulations.
  • Reassessing the risk assessment to identify any emerging risks and changes in the licensing procedures.
  • Reviewing licenses to ensure they contain all required information for conducting due diligence on both primary and underlying clients.
  • Reassessing licensing procedures to ensure they capture all necessary customer information, including beneficial ownership data and source of wealth verification.

5. UNACCEPTABLE CUSTOMERS

The following types of customers are not eligible to use the Company's services:

  • Customers who fail or refuse to provide the required data and information for identity verification without sufficient justification.
  • Customers from jurisdictions banned by the Company's internal policies or international sanctions.
  • Customers identified as subjects of the International Sanctions Act.
  • Customers identified as subjects of UN Sanctions, EU Sanctions, sanctions administered by the Office of Financial Sanctions Implementation, or the Office of Foreign Assets Control.
  • Customers whom the Company suspects of engaging in money laundering or terrorist financing.
  • Any other customers deemed risky or suspicious by the Company in accordance with applicable Money Laundering and Counter-Terrorist Financing laws.

The Company will not accept customers from the following countries and regions:

  • Afghanistan
  • Barbados
  • Belarus
  • Burma (Myanmar)
  • Burkina Faso
  • Burundi
  • Cambodia
  • China
  • Central African Republic
  • Cuba
  • Democratic Republic of the Congo
  • Democratic People's Republic of Korea (North Korea)
  • Ethiopia
  • Gibraltar
  • Guinea
  • Guinea-Bissau
  • Haiti
  • Iran
  • Iraq
  • Jamaica
  • Jordan
  • Lebanon
  • Libya
  • Morocco
  • Mali
  • Nicaragua
  • Pakistan
  • Panama
  • Philippines
  • Russia
  • Senegal
  • Somalia
  • South Sudan
  • Sudan
  • Syria
  • Tunisia
  • Uganda
  • United States of America
  • The regions of Ukraine (Crimea, Donetsk, and Luhansk)
  • Venezuela
  • Yemen
  • Zimbabwe

Additionally, individuals or entities from jurisdictions that require a specific license or permit will not be accepted as customers unless the Company has obtained the necessary permit or license.

6. RISK-BASED APPROACH

In relation to Risk-Based Approach, Propbase shall:

  • Document and maintain records of the risk assessments conducted;
  • Consider all relevant risk factors before making a determination of the level of customer risk or institutional risk;
  • Apply the appropriate risk mitigation measures and controls based on the level of risk identified in risk assessments;
  • Regularly review and update risk assessments on an ongoing basis;
  • Update risk assessments where there are any changes in relevant risk factors;
  • Have appropriate mechanisms in place to provide risk assessment information on request.
6.1. Customer Risk

Assessing the money laundering (ML) and terrorist financing (TF) risks associated with each business applicant or customer is crucial for the Company. This assessment determines the level of controls and mitigation measures required for each customer. During the initial stage of the Customer Due Diligence (CDD) process, the extent of CDD measures is defined. For customers with higher ML/TF risks, more detailed information must be gathered and verified. Conversely, for customers with lower ML/TF risks, CDD measures can be simplified but not entirely omitted, in accordance with Anti-Money Laundering legislation.

The Company adopts a holistic approach to evaluate the information collected for each customer, leading to a customer risk rating. This rating determines the level and type of ongoing monitoring, including continuous CDD and transaction monitoring. The risk assessment guides the Company's decisions on whether to establish, continue, or terminate a business relationship, or to proceed with or reject a transaction.

As a customer's risk profile can evolve over time, the Company regularly reviews and updates each customer's risk assessment, especially for higher-risk customers, who are reviewed at least once a year.

The customer risk assessment framework considers various risk factors, including:

  • Risks related to the customer's business or activity.
  • Risks linked to the customer's reputation.
  • The customer's geographic exposure.
  • Delivery channel risk factors.

7. COMPLIANCE AUDIT

7.1. Internal Audit

Internal audit is a critical component of the Company's internal controls, designed to mitigate and manage risks related to money laundering (ML), terrorist financing (TF), and other illicit financial activities, while ensuring compliance with BSA regulatory requirements. The board of directors plays a vital role in fostering a culture that prioritizes compliance and holding Senior Management accountable for implementing the Company's BSA/AML internal controls.

The internal audit aims to ensure ongoing compliance with BSA regulatory requirements and includes, but is not limited to, the following tasks:

  1. Evaluating the Company's BSA/AML risk assessment and identifying ML/TF and other illicit financial activity risks, including any changes in those risks.
  2. Assessing the continuity and effectiveness of the Company's program despite changes in operations, management, or employee composition or structure.
  3. Facilitating oversight of information technology sources, systems, and processes that support BSA/AML compliance.
  4. Establishing mechanisms to identify and report BSA compliance and any compliance deficiencies to the board of directors and Senior Management.
7.2. Independent Audit

An independent audit is essential to evaluate the Company's adherence to BSA regulatory requirements and to safeguard against money laundering (ML) and terrorist financing (TF). This audit is conducted by the internal audit department, which is not involved in the functions being tested, as well as by external auditors, consultants, or other qualified independent parties.

While BSA regulations do not specify the frequency of independent audits, they should be conducted in accordance with the Company's ML/TF risk profile and overall risk management strategy. The Company conducts an independent audit annually within six months after the end of the fiscal year.

The independent audit encompasses, but is not limited to, the following areas:

    Assessing whether the Company's BSA/AML risk assessment aligns with its risk profile.

    Evaluating whether the Company's policies, procedures, and processes for BSA compliance are appropriate for its risk profile.

    Verifying that the Company adheres to its BSA compliance policies, procedures, and processes.

    Ensuring the Company complies with BSA recordkeeping and reporting requirements.

    Reviewing the adequacy of the Company's process for identifying and reporting suspicious activity.

    Checking the completeness and accuracy of the information technology sources, systems, and processes that support the BSA/AML compliance program.

    Confirming that training is provided to relevant personnel, tailored to specific functions and positions, with supporting documentation.

    Evaluating whether management has taken appropriate and timely actions to address any violations and deficiencies identified in previous independent audits and regulatory examinations, including progress on addressing outstanding supervisory enforcement actions, if applicable.

Examiners review the documents, including auditor's reports, scope, and workpapers, to assess BSA compliance. They evaluate the adequacy of the audit reports and the independence of the testing. They also check if the testing sufficiently addresses risks based on the risk profile and whether it is conducted frequently enough. Furthermore, they monitor the timely reporting of violations, track them, and document the corrective actions taken.

8. TRAINING OBLIGATION

Training is provided in accordance with the Bank Secrecy Act (BSA), the BSA/AML Training Section of the BSA/AML Examination Manual, the Anti-Money Laundering Act of 2023, the USA PATRIOT Act, and this Policy.

The Company is committed to enhancing employee expertise by:

  1. Delivering precise and appropriate training that complies with regulatory mandates, covering topics such as money laundering, terrorist financing, and proliferation financing protocols.
  2. Implementing effective mechanisms and protocols to assess employees' understanding and awareness of the training provided.

Training is mandatory for the board of directors and Senior Management of the Company but also applies to other employees, including those not part of the board or senior management, especially those performing anti-money laundering, terrorist financing, and proliferation financing functions under outsourcing arrangements. The training must be tailored and proportional to each specific area of responsibility.

The Company recognizes that training must extend beyond key staff to include all relevant employees to ensure comprehensive AML/CFT awareness and capability.

Training must be conducted at least annually and whenever significant regulatory updates occur. The training program includes, but is not limited to, the following topics:

  • AML regulatory requirements.
  • Potential risk profiles and warning signs.
  • Financial crime patterns and trends.
  • The high-level context of why anti-money laundering and counter-terrorism financing programs are essential for the Company and the risks they aim to mitigate.
  • De-risking and its impact on the provision of financial services.
  • Internal AML policies, procedures, and processes.

The training process employs various methodologies, engaging trainers and trainees through live or virtual interactions. This dynamic setup encourages active participation and deepens employees' understanding of the training content. Training formats include in-house workshops and seminars, industry-specific training sessions, international training opportunities, virtual learning experiences, and webinars.

All training sessions must be thoroughly documented in compliance with record-keeping requirements.

9. CHANGES TO POLICY

Propbase retains the authority to modify or amend this Policy at its sole discretion. The date of the most recent revision will always be indicated above. When we make changes to this Policy, we will notify you in a manner appropriate to the significance of the changes. In instances where applicable law requires, we will seek your approval for any substantial modifications. If you do not agree with the new version of this Policy, we kindly ask that you discontinue using our services.

For any inquiries or further information regarding this Policy, please contact us at : support@propbase.app

We are committed to ensuring that our policies remain current and effective in addressing evolving regulatory requirements and business needs. Therefore, periodic reviews and updates are integral to our compliance strategy. When we make amendments, we strive to communicate these changes transparently and efficiently, ensuring that you are well informed about how they may impact your use of our services.

If significant changes are introduced, such as those affecting your rights or our obligations under this Policy, we will provide detailed information and, if necessary, seek your explicit consent. This approach ensures that our customers remain fully aware of and agree to the terms under which our services are provided.

We appreciate your cooperation and understanding as we work to maintain the highest standards of compliance and service. Should you have any questions or require clarification about this Policy or any of its updates, do not hesitate to reach out to us.