GCC Exchange UK Limited AML Manual for Payment Institution

AML Policy 2018-19 Ver. 1.5 ANTI MONEY LAUNDERING POLICY VERSION CONTROL

Date Version Author

2012-13 1.1 ABM Ashabul

2013-14 1.2 (updated) ABM Ashabul

2015-16 1.3 (updated) ABM Ashabul

Nov 17 1.4 (updated) Andrew Smith

Oct 18 1.5 (Revised) Andrew Smith

1 Table of Contents

1. INTRODUCTION...... 3

2. MONEY LAUNDERING...... 4

3. DEFINITION...... 5

4. LEGISLATION...... 5

5. OUR OBLIGATIONS...... 5

6. RISK BASED APPROACH...... 6

7. CDD...... 7

8. ID FRAMEWORK...... 8

9. POLITICALLY EXPOSED PERSONS ……...... 9

10. SANCTIONS………...... 9

11. CORPORATE CLIENTS AND AGENTS…………………………………………………………...... 10

12. ENHANCED DUE DILIGENCE….…………………………………………………………………...... 11

13. LINKED TRANSACTIONS...... 13

14. ID SYSTEM………………………...... 13

15. AUTOMATED SYSTEMS AND CONTROLS……………………………………………………...... 13

16. EMPLOYEE OBLIGATIONS ………………………………………………………………………...... 13

17. ANTI BRIBERY & CORRUPTION …………………………………………………………………...... 14

18. WHISTLE BLOWING…………………………………………………………..……………………...... 14

19. TRAINING…………………………………………………………………………...……………………...... 14

20. RECORD KEEPING……………………………………………………………………………………...... 15

APPENDIXES

1. Suspicious activity & Proceeds of Crime Act 2002…………………………...... …16 2. Suspicious Activity Report format…………………………………………………...... 17 3. Basel – ML Country Risk Score………………………………………………………...... 18 4. Agent Application Form & AML-KYC Questionnaire…………………………...... 22 5. On boarding form for agents………………………………………………………...…...... 26 6. Fitness and propriety questionnaire..………………………………………………...... 29 7. Declaration of having read the AML policy...... 33

2 1. INTRODUCTION

GCC Exchange UK Ltd 90 High Street Southall Middlesex UB1 3DB

25 October 2018

Dear Colleagues,

The following document defines the clear process and procedures of GCC Exchange UK Ltd (here in after referred to as GCC Exchange) and our approach to anti-money laundering (AML). I fully endorse our newly updated policies keeping with our business model and obligations to prevent all whistle blowing procedures. forms of money laundering, tax evasion, terrorist financing, bribery and corruption. Also added is a section on

The adherence to comply with the rules as stated in this policy is legally binding to all who work for and are with this company and all relevant employees are undertake to comply with these policies.

Please ensure to read it, understand it and follow it.

Signed:

Andrew Smith

Money Laundering Reporting Officer

3 2. MONEY LAUNDERING

Money Laundering is the process by which criminals attempt to hide and disguise the true origin and owner- - tion of the illegally obtained funds. ship of the proceeds of their criminal activities, thereby avoiding criminal prosecution, conviction and confisca

In the industry, it is widely regarded that there are 3 key stages of the Money Laundering process. These are:

1) Placement 2) Layering 3) Integration

success of criminal operations. The ability to launder the proceeds of criminal activity through the financial systems of the world is vital to the

Historically, the traditional Banking sectors have led the efforts to combat money laundering but with the suc- all of us to do our part. cesses of international FX and remittance firms (e.g. GCC Exchange), the fight against criminal activity requires

weaknesses in the system and look at various methods to convert illegally obtained money. It is our duty to be vigilant at all times in all aspects of our business as criminals continuously probe to find

Money, usually in the form of hard cash, is vital for any terrorist organisation. The absence of money makes it almost impossible for the organisation to function.

Therefore, to protect themselves and achieve success in their harmful acts, terrorists work hard to concealing their money and its true origin. The process is a joint effort between people who are recruited to raise funds - tance and receipt of the funds. for terrorist finance and the terrorist quartermaster/finance Director who mastermind the process the remit

when engaging in any aspects of remittance services. All staff, partners and affiliates of GCC Exchange are required to maintain the highest levels of due diligence

funding. An approach fully endorsed by its Senior Management and the MLRO. GCC Exchange places the utmost importance on the fighting against money laundering and combating terrorist

4 3. DEFINITION

UK legislation are: Legal definitions of the crime of money laundering used in European Council Directives have been adopted into • The conversion or transfer of property for the purpose of concealing or disguising the origin of the property.

• The concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to or ownership of illicitly gained property.

• The acquisition, possession or use of property derived from criminal activity or participation in criminal activity.

4. LEGISLATION IN THE UNITED KINGDOM

following: The legislation governing money laundering and Terrorist Financing and the fight against it is contained in the

• Proceeds of Crime Act 2002 (as amended) • Money Laundering Regulations 2007 • Terrorism Act 2000 (as amended by the Anti-terrorism, Crime and Security Act 2001)

• Money Laundering Regulations 2017 (now superceding MLR 2007) In addition, references, guidance and instruction are given in HM Treasury Sanctions notices and news releases and the FCA Handbook.

It is important to note that United Kingdom legislation in respect of money laundering is an “all crimes legislation”.

5. OUR OBLIGATIONS

In accordance with our responsibilities under the regulations in force, GCC Exchange have appointed a Money

Laundering Reporting Officer/Nominated Officer (MLRO/NO). Email: [email protected] Our MLRO/NO is: Andrew Smith His obligations include, but are not limited to:- • ensuring all staff of GCC Exchange are trained regularly in anti-money laundering • ensuring that they understand their training • adopting a risk based approach to customer due diligence and enhanced due diligence including ongoing monitoring of any business relationships

5 6. ‘RISK BASED’ APPROACH Applying Due diligence at the start of customer engagement

What is it?

To us, this means identifying the person or company that is to become our ‘Customer’. We should verify the Customer’s identity on the basis of information obtained through legally acceptable documents that are reliable.

The customers could be individuals or firms (a limited company or LLP or partnerships). For individuals, we have to verify their identity and addresses.

For firms or companies the ultimate beneficial owners (UBO) who own/control 25% or more of the shares are to be identified. GCC Exchange will undertake adequate measures to ensure the UBO’s identity and propriety; Hence it should be ensured UBO’s do not belong to, or are linked to any political or sanctioned entities/countries.

• To take appropriate measures to understand the ownership and control structure the UBO.

by another entity, the person who controls the management of the body. • Identify the UBO, who owns or controls more than 25% of the shares or voting rights or if controlled

Further GCC exchange, would rate micro businesses and non regulated entities with a simple business model - um risk based on the geography of incorporation and the countries they remit to. We would categorise MSBs and Small Payment Institutions (SPI) that are regulated but with a simple business model as low risk or medi and PSPs with further downstream agents as high risk. Taking all the above into consideration, the MLRO will risk rate all non- individual customers, on a case by case basis.

Geographic Risk:

This is where vigilance about the risks associated in dealing with people, companies from geographical regions that are exposed to high levels of crime, terrorism, fraud, corruption and so forth. Our geographical risk is man- dated (and changed) based upon the following:

• Ability to service various market corridors • Business risk appetite of Management (and MLRO) • Risk appetite of our Banking partners • Revised Sanctions • Adverse information on certain geographic regions

categorizes clients based on their nationality, if resident of another country we would go by the country of resi- As per current regulations in force for financial services GCC adopts a risk based approach for all clients and dence. GCC Exchange uses the Basel AML index, wherein countries are rated on a scale of 1 to 10 for money

6 laundering risk. (see Appendix-3 Basel AML Index), based on which , we classify countries as Low risk 0 -3.33 Medium risk 3.33 - 6.66 High risk 6.66 – 10.00 transaction monitoring. If a client is classified as high risk, then enhanced due diligence will be practiced as well as ongoing **All high risk client accounts will only be opened on the approval of the MLRO**

7. CUSTOMER DUE DILIGENCE

KNOW YOUR CUSTOMER (KYC)

KYC requirement is a key aspect in GCC Exchange’s relationships with its clients. The documents required for

Clients,various whosizes wish of transactions to make payments, are as detailed including in the one-off ID/ Remittance payments, areframework required section to provide 9. their key details such as name and address. GCC Exchange requires all clients to provide us with their ID and proof of address to reg- ister as a customer.

All payments, no matter what their size, require caution and staff should apply due diligence at all times. If internally to the MLRO. The staff while interacting with customers should be conscious not to tip off the cus- there are any suspicions or staff have market knowledge, a suspicious activity report (SAR) should be filed tomer.

The proof of source of funds is mandatory when the individual is a politically exposed person (PEP), in such cases the staff member has to verify the source of funds – but not TIP OFF the individual (also see P13). DUE DILIGENCE: A SIMPLE SUMMARY

Step A Identify the customer Conduct a consultation with the proposed customer. Find out who they are. Identify them.

Step B What do they want? Understand the reason for them to want to do business with GCC Exchange.

Confirm their legitimacy. Step C Obtain required legal and formal identity documents.

7 Step D Complete external KYC checks where required, if there are any irregularities, refer to MLRO

Step E

Check if all the documents have been obtained and are satisfactory and then complete the file 8. ID/REMITTANCE FRAME WORK

Both Cash and Bank Transactions Thresholds in GBP ID Requirements £1- £600 1 proof of ID £601- £2500 Photo ID and Proof of address £2501- £5000 Photo ID, Proof of address and Declaration form £5001- £12,000 Photo ID, Proof of address, Declaration form and Source of Funds Photo ID, Proof of address, Declaration form, Source of funds and > £12,001 further information as required.

ID DOCUMENTS

• EU National: Resident permit • Current signed passport / EEA State ID Card

• National ID card • Current UK / EEA photo card driving license (full or provisional) • Asylum seeker Registration Card with Work Permit

PROOF OF ADDRESS

• Recent utility bill / statement (dated within 3 months) • Valid local authority tax bill (dated within 3 months) • Bank statement (dated within 3 months) • Current Full/provisional UK photo card Drivers License • EEA Member state ID card containing a current address • Confirmation from the electoral register

SOURCE OF FUNDS & DECLARATION OF FUNDS

As evidence of source of funds, we require the Pay slips, Bank Statement or P60 (needless to add that the If funds are from a loan or remortgage then the following original documents should be provided: amount transferred should be within the income) and a self Declaration in specified form from the customer.

- Credit card statement or cash advance receipt - Loan/mortgage agreement - Statement showing proceeds from sale of an asset or assets

8 GCC Exchange will ensure that the customers are not on the sanction list. For corporate customers credit checks through service providers will be conducted, to check corporate clients’ details and transactions to ensure that information matches with those provided by the client.

Any inconsistencies must be raised to the MLRO through an internal SAR. If staff suspect fake or fraudulent ID has been presented, they must not disclose or discuss their concerns with anyone else, including the presenter of the ID – as this may count as “TIPPING OFF” which is a severally punishable offense.

9. POLITICALLY EXPOSED PERSONS (PEPs)

PEPs are defined as individuals who have been entrusted with a prominent public function outside of the UK. - ate of a PEP. GCC Exchange also extends the definition of a PEP to add any immediate family member and/or a close associ

In order to comply with regulations, GCC Exchange ensures that all accounts relating to PEP’s must; • be approved by the MLRO • be subject to enhanced due diligence • consider all transactions and any association with a PEP as high risk

Any PEP wishing to conduct a remittance with GCC Exchange shall be asked to verify the source of their funds, even if the sum is below our £2500 threshold.

10. SANCTIONS

What are sanctions?

Sanctions (or embargoes) are political trade restrictions put in place against certain target countries who have Laundering, Fraud, Terrorist Finance. failed to meet certain unilateral conditions or are part of/have failed to satisfy conditions pertaining to Money The aim of applying sanctions is to maintain or restore international peace and security. There are lists that have been created that detail countries and dictatorship regimes, these are called ‘sanctions lists’. Any client found on a sanctions list will be declined and no transactions will be carried out. Our remittance soft- ware, Secure Remit, will automatically identify sanctioned entities.

Sanctions list and Politically Exposed Persons (PEPs)

A consolidated list of targets listed by the United Nations, European Union and United Kingdom under legisla-

Our system will automatically detect if both the client’s name and receiver’s name matches with the names in tion relating to current financial sanctions regimes will be integrated to our remittance IT system. the sanctions list.

9 11. CORPORATE CLIENTS AND AGENTS

When providing services to corporate clients and agents, the following procedure would apply. In adopting a risk based approach GCC Exchange staff should ensure they understand the company’s legal form, structure and ownership.

We take a risk based approach while on-boarding corporate clients and agents. It would be our endeavour to on board agents with simple and transparent business models such as Small Payment Institutions or non regulated who have sub agents under them as their clients. For other businesses that need payment services, we would businesses who cater to everyday public and avoid agents with a complex business models such as MSBs/PSPs endeavour to take on only small and micro businesses.

ON BOARDING PROCESS:

GCC Exchange will obtain an application form and AML-KYC questionnaire in respect of agents and corporate clients as per Appendix 4, along with the ownership structure to ascertain the actual beneficial owners holding House or other electronic search engine for companies. over 25% of stake in the firm/company. Verification of ownership shall be by an online search of Companies

The identity of all directors, the ultimate beneficial owners and all authorised signatories will be verified. It is so and will obtain evidence of such authority as part of the KYC. important that GCC Exchange is satisfied that a person acting on behalf of a corporate client has authority to do We must also remain vigilant and be sure of the activities of the client are within our approved business model. An indicative list of prohibited business activities include, but can include others at the discretion of the senior management:

• Gambling

• Racketeering and counterfeit goods trading • Narcotic drugs (and some pharmaceutical activities) • Adult Content and Entertainment services • Arms and weapons dealing and broking • Military services • Toxic waste servicing and reckless chemical supplying, processing, broking

We recognise• Sex traffickingthat Corporate and Legal Entities provide an attractive vehicle for money laundering. The use of

“brass plate” or shell companies* is common place and will with due care verify the identity of the client (i.e. the Company); Limited liability partnerships and partnership firms are treated as corporate clients. *NB MLRO immediately – Remember – DO NOT “TIP OFF” ! - Where it is clear that the client in question is a shell (dummy) company the matter must referred to the

10 - selves or have a company search carried out through an independent source In order to verify the information provided by a corporate client/ agent, we will verify the information our • Company’s Registration number, name and trading name • Registered address and any separate trading address • List of Directors

• Memorandum and Articles of Association • List of beneficial owners and shareholders • Proof of trading • The ID and Address proof of all UBOs and directors

Further we would also assess the following

• Their business model, countries they send payments to and customer type • The fitness and propriety of UBOs, directors and senior management as per Appendix 6;

• The firm’s capability to handle transactions in terms of location, communication and security Publicly • listed The firm’scompanies ability whether to store UK and or transmit non UK dataare generally electronically considered to be low risk, as the listing will be

Theon a MLROrecognised will then or approved assess the stock application exchange, as noper further Appendix-5, identification and accord steps approval. are required.

MONITORING:

Corporate clients and agents activities would be monitored on an ongoing basis. The agents whether regulat- ed or unregulated will be monitored by GCC Exchange UK’s MLRO and director - operations. Agents sizeable business would be subjected to an annual external compliance certification mandated in the agency agreement regard to the nature, size, volumes and geographies serviced. The MLRO will also visit the business premises of by a consultant firm of our choice. The performance of agents will be overseen by the senior management with all agents periodically.

The senior management has online access to the transactions of the agents and corporate clients. Also for agents who use GCC Remit, the AML rules are set by us and will act as a safe guard and alerts will be generated the GCC Remit platform and integrated hence would be subject to the same AML safeguards. and emailed to the senior management. For agents using their own platforms, their transactions will flow into 12. ENHANCED CUSTOMER DUE DILIGENCE

INDIVIDUALS SEEN IN PERSON

The majority of GCC Exchange customers will be seen in person given our business model and our central Lon- don location. Therefore, we are required to have procedures in place where a new client is presenting in person,

11 as follows:-

i. Obtain acceptable photographic identification (photocopy the same and hold on record) document should not be older than 3 months from the date of the transaction. ii. Proof of the address of the client has to be obtained, photocopied or scanned and retained; this unique reference number will be:- *Note the unique reference number of the photographic identification on the account opening forms. The • Passport number • Driving license number • National identity card number

Certify the documentation by signing and dating and including the words e.g.: ‘original seen’.

INDIVIDUALS NOT SEEN IN PERSON (NON FACE-TO-FACE CLIENTS)

Our business model is directed towards online remittance. Though we are yet to commence non face to face acceptance of customers, we hope to start once we have the systems in place. When we take on customers non- face to face, the staff will have to obtain the ID proofs and have them electronically verified. STEP 1 The Clients will upload their ID and proof of address on our system

STEP 2

GCC Exchange staff will attend a short video-call with customer over skype/ whatsapp/ facetime / wechat. STEP 3

We engage the services of our due diligence partners, to run an external ID/KYC online check. STEP 4 of our remittance and FX services. Once the Client’s identity has been verified and the above conditions satisfied, they will be able to enjoy full use

WHEN CLIENT IS UNABLE TO COMPLETE OUR STANDARD NON FACE TO FACE KYC PROCESS

In cases where we are unable to electronically verify the ID or address proof or other documents, we need to obtain true Copies SOLICITORof the originals certified by a personBANK ofMANAGER holding responsible position.POST ForMASTER e.g. DOCTOR CHARTERED ACCOUNTANT POLICE OFFICER ***Facsimile copies are not acceptable***

Certifying on each ID copy - “I hereby confirm that this is a true copy of the original” and print the name, date and the position or office the certifying person holds. 12 13. LINKED TRANSACTIONS

In anticipation that a client will avoid requiring proof of funds and have structured his/her transactions in reaching the limit amount, the client may divide the amount among his/her friends and send the money at the detect linked transactions. same time to a single beneficiary. In this case, Secure Remit our remittance front-end IT system will be able to 14. ID SYSTEM

Our remittance software will allow us to allocate a unique ID number to each client. Clients are encouraged to use their ID number in all communications with us for security purposes. The outcome is that we can be unauthorised person, hacker etc). assured that we are dealing with the right person and preventing usage of client’s account by others (i.e. an further identity checks, these should be done by asking security questions such as date of birth, postcode, and Client must give the unique ID number every time he/she does a transaction. If we need to continue with

Thesecontact checks numbers are andstrictly details implemented of beneficiaries before or proceeding details of lastwith tr theansactions. transaction.

15. AUTOMATED SYSTEM AND CONTROLS

- lowing AML set of rules will trigger the system to hold the transaction: To confirm compliance we have a system of automated controls, for which we set rules in the system. The fol • Incomplete KYC requirements will not allow any transactions to occur • Any payments in excess of £2500 require proof of the source of funds from the Sender

• Sender added more than ten (10) beneficiaries • Beneficiary received more than £5,000 in total in a month • Beneficiary received funds from three (3) or more different Senders. 16. EMPLOYEE• Both sender OBLIGATIONS: and beneficiary names match with those names on the Sanctions List

All relevant GCC Exchange staff will undergo training and be provided with training manuals to help them un- derstand their role and comply with payment services regulations conducted by the MLRO. Staff are required to read the AML policy and manual, keep themselves up to date with the changes from time to time. All relevant staff will have to sign a declaration of having read the AML policy of GCC Exchange and that they would abide by the policy. Format is attached as Appendix -7.

Where the instruction is to refer the matter to MLRO, the client should be informed that there is a problem with the identification and clarification is to be sought from MLRO. Such clearance or refusal to establish a business relationship/ transaction will be available within reasonable time. In practicing KYC and EDD, GCC Exchange 13 staff should satisfy themselves as to the rationale behind the instruction or business. Furthermore, they should across the business is mandatory. be satisfied that instructions by a client are rational and make good business sense. A risk based approach

INFORMATION ABOUT OUR SERVICES TO POTENTIAL CLIENTS

GCC Exchange staff are not expected to carry out customer due diligence or enhanced due diligence procedures with a client where the meeting is merely to provide information to a prospective client about our services or is

17.a first ANTI interview/discussion BRIBERY AND prior CORRUPTION to a relationship being established.

Prevention of bribery and corruption is important for GCC Exchange, as a failure to prevent bribery and cor- ruption would hit its reputation and the trust, reposed by its customers. Recognising the threat, GCC Exchange adopts a zero tolerance approach to bribery and corruption. GCC Exchange shall comply with the provisions of the Bribery Act 2010.

Employees are made aware that should they become aware of any bribery or corrupt practices involving any staff member, third party service providers or customers in conducting business with GCC Exchange, they should report the matter to the Director Operations.

GCC Exchange employees are made aware that it is inappropriate to offer and/ or accept gifts and hospitality for are incidental to business, are exempt. the conduct of business. However certain gifts and hospitality of a modest nature and insignificant value, which 18. WHISTLE BLOWING:

The act of ‘making a disclosure in the public interest’ is referred to as ‘whistle blowing’. The Public Interest - ed by the law, an employee should make the disclosure of any criminal offence, failure to comply with a legal Disclosure Act 1998 (PIDA) is an Act that protects whistleblowers in the UK. For the disclosure to be protect obligation, miscarriage of justice, threat to an individual’s health and safety, damage to the environment and a deliberate attempt to cover up any of the above to a Director and in the right way. While doing so an employee must ensure to:

• Make the disclosure in good faith (with honest intent and without malice); • Reasonably believe the disclosure is made to the right ‘prescribed person’. • Reasonably believe that the information is substantially true; and 19. TRAINING

One of GCC Exchange key controls to mitigate the threat of money laundering will be to have staff that are aware of, and alert to the threat. All relevant staff, whether full-time, part-time or contractual and our agents, their managers and staff, will be made aware of our anti-money laundering policy, manual and their obligations

14 arising for both themselves and GCC Exchange. We will provide training on anti-money laundering and how and

Thiswhen training to make will a Suspicious comprise Activityof two key Report elements:- (SAR).

take induction training. The training is provided by the MLRO or the MLRO will engage external AML Advisors Induction Training - The MLRO/NO is responsible for identifying relevant new staff that are required to under- and will conduct the training. The content of the training includes awareness training, covering Money Launder- ing and Terrorist Financing.

Refresher Training - all relevant staff must undertake regular refresher training on an annual basis. The train- ing is provided by the MLRO or the MLRO will engage AML Advisors and assessment of staff understanding is carried out throughout the training.

GCC Exchange will obtain acknowledgement from staff and agents that they have received the necessary train- ing. All staff members will be required to sign their attendance at training sessions. Evidence of AML training

20.provided RECORD will be KEEPINGrecorded and held in the AML training file.

and communications with every client. It is the responsibility of all staff members to ensure completeness of GCC Exchange will create and maintain sufficient documentation to give a clear and full record of all contacts records for the area in which they are employed.

GCC Exchange retains all records for a minimum of 5 years after the business relationship has ended. Where an investigation is being conducted, all records will be retained for 5 years or until the end of the investigation, whichever is longer.

15 APPENDIX 1: THE PROCEEDS OF CRIME ACT 2002 AND SUSPICIOUS ACTIVITY

The member of staff of GCC Exchange comes across what is described as Suspicious Activity that it should be report- Proceeds of Crime Act 2002 (POCA) requires (amongst other things) that when in the course of business a

Thereed in the is first instance to the MLRO.

no definitive list of what constitutes suspicious activity, however if the principles of KYC are rigorously make a judgment about what constitutes suspicious activity in each case. applied then in the course of conducting business with the client sufficient information should be available, to When an activity is suspicious, the following procedures will be followed:-

• The person suspecting should immediately make a written report or e- mail to the MLRO/NO If • No discussion with other members of staff should take place. Date and time of report should be urgent phone first, then follow up with a written report;

recorded; • New suspicion of the same client means a new report must be made: • Acknowledgement of the report should be obtained from the MLRO/NO and can be done via email;

FAILURE TO REPORT:

Failure to report knowledge or suspicions of laundering of the proceeds of crime could entail a maximum of five TIPPINGyears imprisonment OFF and/or an unlimited fine. It is an offence to make a disclosure which is likely to prejudice any investigation which might be conducted following the making of a Suspicious Activity Report. The crime of tipping off could entail a maximum 2 yrs

imprisonment/or• It an unlimited fine. facilitates the acquisition retention use or control of criminal property by or on behalf of another – is an offence to enter into or become concerned in an arrangement which he knows or suspects;

• It is an offence to acquire use or have possession of criminal property – penalty is a maximum of penalty is a maximum of Fourteen years imprisonment and/or an unlimited fine;

fourteen years imprisonment and/or an unlimited fine. GENERAL

If in doubt report your suspicion to the MLRO, you have then complied with your obligation. The MLRO will judge whether to report further to NCA. All contact with Law Enforcement Agencies will be handled by the

MLRO/NO or a MLRO nominated senior management person.

GCC Exchange considers any failure to comply with any of the relevant legal or regulatory requirements by any The MLRO/NO is responsible for providing information and updates to the legislation, as and when they occur. member of staff to be gross misconduct and could lead to immediate dismissal of that member of staff.

16 APPENDIX 2: GCC Exchange UK Ltd Suspicious Activity Report Form Please complete and present to UK MLRO

1. Source Ref: Date: ______Disclosure Type: Outlet: Related Disclosure ID: ______2. Main Subject – Suspect Legal Entity Name: Legal Entity Number: Customer/ Business Type: 3. Address Address of the Suspect: Registered Office: Current Address: 4. Information Information Type : Passport No/ID document number: Extra Information/Description: 5. Transaction Date: ...... Type: ...... Amount: ...... Currency: ...... Notes: ……………………………………………………………………………...... ………. Disclosed Account Name: ……………………… Account No: ...... Sort Code ………. 6. Reason for Suspicion & Activity Assessment:

Signature______For MLRO’s use: Received time & date :

Action/ disposal:

17 APPENDIX 3: COUNTRY RISK CLASSIFICATION new FATF evaluation) *: Country AML Risk classification as per Basel AML Index 2017 Scores and Rankings. (Overall score based on a Country Overall score Ranking Iran 8.60 1 Afghanistan 8.38 2 Guinea‐Bissau 8.35 3 Tajikistan 8.28 4 Laos 8.28 5 Mozambique 8.08 6 Mali 7.97 7 Uganda* 7.95 8 Cambodia 7.94 9 Tanzania 7.89 10 Kenya 7.72 11 Liberia 7.62 12 Myanmar 7.58 13 Nepal 7.57 14 Burkina Faso 7.54 15 Paraguay 7.53 16 Haiti 7.50 17 Vietnam 7.44 18 Zambia 7.43 19 Sao Tome And Principe 7.42 20 Niger 7.38 21 Benin 7.37 22 Bolivia 7.17 23 Lesotho 7.15 24 Sri Lanka* 7.15 25 Sierra Leone 7.14 26 Lebanon 7.07 27 Vanuatu* 7.02 28 Sudan 7.02 29 Panama 7.01 30 Cape Verde 6.99 31

18 Mauritania 6.92 32 Nigeria 6.90 33 Ghana 6.84 34 Trinidad and Tobago* 6.80 35 Zimbabwe* 6.80 36 Yemen 6.80 37 Marshall Islands 6.70 38 Gambia 6.70 39 Rwanda 6.69 40 Argentina 6.69 41 Dominican Republic 6.69 42 Turkey 6.65 43 Thailand 6.65 44 Nicaragua 6.64 45 Pakistan 6.64 46 Jamaica* 6.60 47 Namibia 6.59 48 Angola 6.55 49 Venezuela 6.53 50 China 6.53 51 Ukraine 6.52 52 Cote D'ivoire 6.51 53 Algeria 6.48 54 Timor‐Leste (East Timor) 6.43 55 Kazakhstan 6.42 56 Morocco 6.38 57 Ecuador 6.37 58 Tunisia* 6.37 59 Kyrgyzstan 6.33 60 Indonesia 6.32 61 Senegal 6.31 62 Guyana 6.24 63 Russia 6.22 64 Philippines 6.20 65 Brazil 6.20 66 Guatemala* 6.17 67 Papua New Guinea 6.13 68 Mongolia 6.10 69 Malaysia* 6.10 70 United Arab Emirates 6.06 72

19 Grenada 6.04 73 Botswana 6.02 74 Honduras* 5.97 75 St. Vincent &The Grenadines 5.96 76 Costa Rica* 5.93 77 Mauritius 5.92 78 Bosnia‐Herzegovina 5.91 79 Malawi 5.86 80 Bahrain 5.80 81 Bangladesh* 5.79 82 Serbia* 5.76 83 Mexico 5.75 84 Albania 5.75 85 St. Lucia 5.72 86 Egypt 5.66 87 India 5.58 88 Hong Kong SAR, China 5.54 89 Kuwait 5.53 90 El Salvador 5.48 91 Moldova 5.43 92 Saudi Arabia 5.43 93 Hungary* 5.41 94 Italy* 5.41 95 Luxembourg 5.40 96 Georgia 5.37 97 Japan 5.36 98 South Africa 5.32 99 Peru 5.25 100 Uruguay 5.16 101 Switzerland* 5.15 102 Canada* 5.14 103 Dominica 5.12 104 Greece 5.11 105 Macedonia 5.10 106 Qatar 5.10 107 Austria* 5.06 108 Chile 4.94 109 Netherlands 4.93 110 Jordan 4.90 111 Portugal 4.90 112

20 Korea, South 4.90 113 Spain* 4.87 114 Cyprus 4.87 115 United States* 4.85 116 Singapore* 4.83 117 United Kingdom 4.81 118 Azerbaijan 4.78 119 Slovakia 4.78 120 Germany 4.78 121 Montenegro 4.76 122 Belgium* 4.66 123 Ireland 4.62 124 Colombia 4.57 125 Czech Republic 4.57 126 Norway* 4.56 127 France 4.52 128 Romania 4.50 129 Poland 4.50 130 Australia* 4.49 131 Iceland 4.47 132 Latvia 4.44 133 Armenia* 4.44 134 Malta 4.37 135 Taiwan, China 4.34 136 Israel 4.25 137 Sweden* 4.25 138 Croatia 4.11 139 Denmark 4.05 140 Slovenia 4.02 141 New Zealand 3.91 142 Bulgaria 3.87 143 Estonia 3.83 144 Lithuania 3.67 145 Finland 3.04 146

21 APPENDIX 4: Application Form and AML & KYC Questionnaire I. General Information Legal Name of the Institution Address of Institution Date & Place of Incorporation Companies House Registration No Date & Place of Registration If authorised by regulator – Name of regulator and number Expiry Date of License / approval Main Business of Institution Products and Services offered Web Site of Institution Type of the Institution II. Business Activities List of Foreign Branches, Subsidiaries, if any (Attach additional sheet, if necessary) Country Type of the Institution No of Locations

Countries that the firm will send payments to

Type of customers Individuals (Retail) / Businesses/ wholesale Average size of transactions III. Ownership Information Institution Publicly Held, or Privately owned? If publicly Held, Stock Exchange Name Total no of shared and Capital of Shares List of Names of Principal Shareholders, more than 5% ownership Name of Shareholder Ownership % Country

IV. Directors and Principal Officers Information Names of Directors & Principal Officers (If necessary, please attach additional sheet) Name Position Contact Number Political Exposed Person, Y / N

22 V. General AML Policies, Practices and Procedures: ( If you answer “no” to any question, additional information can be supplied at the Yes No end of the questionnaire) 1. Is the AML compliance program approved by the firm’s senior management? 2. Does the firm have a legal and regulatory compliance program that includes a des- ignated officer that is responsible for coordinating and overseeing the AML frame- work? 3. Has the firm developed written policies documenting the processes that they have in place to prevent, detect and report suspicious transactions? 4. In addition to inspections by the government supervisors/regulators, does the firm’s have an internal audit function or other independent third party that assesses AML policies and practices on a regular basis? 5. Does the firm have policies to reasonably ensure that they will not conduct trans- actions with or on behalf of shell banks through any of its accounts or products? 6. Does the firm have policies covering relationships with Politically Exposed Persons (PEP’s), their family and close associates?

7. Does the firm have record retention procedures that comply with the law? 8. Are the firm’s AML policies and practices being applied to all branches and subsid- iaries of the firm both in the home country and in locations outside of that jurisdic- tion?

VI. Risk Assessment: Yes No

1. Does the firm have a risk-based assessment of its customer base and their trans- actions? 2. Does the firm determine the appropriate level of enhanced due diligence neces- sary for those categories of customers and transactions that the firm believes pose a heightened risk of illicit activities at or through the firm?

VII. KYC, Due Diligence & Enhanced Due Diligence: Yes No

1. Has the firm implemented processes for the identification of those customers on whose behalf it maintains or operates accounts or conducts transactions?

2. Does the firm have a requirement to collect information regarding its customers’ business activities?

3. Does the firm have a process to review and, where appropriate, update Customer information relating to high risk clients?

4. Does the firm have procedures to establish a record for each new customer noting their respective identification documents and ‘KYC’ information? 5. Does the firm complete a risk-based assessment to understand the normal and expected transactions of its customers?

23 VIII. Reportable Transactions and Prevention and Detection of Transactions Yes No with Illegally Obtained Funds:

1. Does the firm have policies or practices for the identification and reporting of transactions that are required to be reported to the authorities? 2. Where cash transaction reporting is mandatory, does the FI have procedures to identify transactions structured to avoid such obligations? 3. Does the firm screen customers and transactions against lists of persons, entities or countries issued by government/competent authorities? 4. Does the firm have policies to reasonably ensure that it only operates with corre- spondent banks that possess licenses to operate in their countries?

IX. Transaction Monitoring: Yes No

1. Does the firm have software that can check the transaction with the names on sanction lists or will it use the GCC Remit software platform? 2. If yes, is the firm’s software built in-house or provided by an external party? If provided by an external party, please specify the systems name.

X. Training & Record keeping Yes No

1. Does the firm provide AML training to relevant employees that includes: - Identification and reporting of transactions that must be reported - Examples of different forms of money laundering - Internal policies to prevent money laundering. 2. Does the firm retain records of its training sessions including attendance records and relevant training materials used?

Space for additional information if any: (Pl indicate the question to which it relates to) ......

24 APPLICATION AND SIGNATURE

We ______are herewith applying to become an agent of GCC Exchange UK Lim- ited. By signing this, we confirm that we, or through our affiliate(s)/subsidiary(s), do not deal or provide -ser vice directly/indirectly to Iran, Syria, Cuba, North Korea and Myanmar and shall abide by the AML policies of the principal. All the information provided above are correct and true to the best of my knowledge.

Date: Signature Company Seal

Name of Signatory Designation

Direct Telephone Number Mobile Number Website

e-Mail ID

PLEASE PROVIDE THE FOLLOWING DOCUMENTS:

1. FILLED UP APPLICATION & AML-KYC FORM

3. COPY OF CERTIFICATE OF INCORPORATION 2. COPY OF REGULATORY APPROVAL (IF A REGULATED ENTITY)

5. LAST 3 YEARS FINANCIAL STATEMENTS 4. COPY OF MEMORANDUM / ARTICLES OF ASSOCIATION 6. PASSPORT COPIES OF THE BOARD OF DIRECTORS 7. ANTI MONEY LAUNDERING POLICY 8. BOARD RESOLUTION FOR AUTHORIZED SIGNATORY or AUTHORISED SIGNATORY BOOKLET

25 APPENDIX 5: On Boarding Process note for Agents

Sl Information Required Particulars to be filled in Documents Required No:

Name of Applicant /Firm & i. Proof of Address 1. Address ii. Credit report on the firm

i. Company or partnership incorporation & 2. Constitution & Incorporation registration certificate

Countries the firm operates in & destinations of payment. 4. Are any of the countries on the UN/OFAC sanction list or classi- fied as Non-Cooperative? i. Extract from Registrar of companies, Details of the owners or if owned ii. Evidence of ownership, Fitness and Pro- by another entity (holding priety of the owners / managers of the agent 4. structure) & identify the ultimate - questionnaire to be filled up, KYC docs beneficial owners (BO) obtained & ‘Financial soundness of owners/BO directors. i. Any cases against the firm/ B.O (can be revealed by a search report); ‘’ Know your agent’’ checks on ii. Financial soundness – Balance sheet of firm honesty, integrity and reputation and net worth of beneficial owners certified by 5. of the beneficial owner/ managers auditor; and financial soundness of the iii. Reputation of the firm/ BOs - results of a firm Google search for negative news if any on the firm/ BO

iv. Obtain documents evidencing that the firm 6. Operational locations meets the legal obligations to function in these locations.

Whether the firm is regulated? i. Regulator’s authorisation certificate/ number 7. If yes by whom? Pl attach a CV of ii. CV of the compliance in charge. the compliance in charge.

Does the firm have policies and i. Pl obtain a copy of their AML policy and 8. procedures in place to manage the procedures they may have & check if it com- risk of Money Laundering? plies to UK’s MLR 2017 requirements

Are the Agents, their managers & i. Evidence of the training they have under- 9. staff conversant with or trained in gone AML regulations ?

26 APPENDIX 5: On Boarding Process note for Agents …….cont’d

Does the firm’s AML policy have 10. rules to handle PEP customers?

Was a physical inspection of the 11. firm carried out?

Whether manager/staff are capable of handling remittances 12. in terms of safety & transferring funds on line to our account?

Is the firm equipped and able to 13. obtain, store and transmit records electronically?

Is the firm’s record keeping good 14. and in tune with the record reten- tion requirements of UK..

Does the firm work as an agent with multiple principals? If so 15. please name the others and the rationale for adding us.

Who are the target customers 16. (retail / commercial) & indicative target pay out destinations?

Is the shop’s located where there 17. are many other money transfer agents?

27 APPENDIX 5: On Boarding Process note for Agents …….cont’d

MLRO’s appraisal/comments and approval

Risk Rating: Low Medium High

Approved / Not approved

Signature of MLRO

28 APPENDIX 6:

Fitness & Propriety Questionnaire

It must be completed per individual responsible for management of the agent

The fit and proper test

New regulation MLR2017, introduced new requirements in relation to the fit and proper testing and GCC is required to obtain fit and proper assessment form for all agents.

• The person applying to register the business This fit and proper test applies to GCC agents and their responsible persons: • The person running the business either on their own or in partnership

• Senior managers who are engaged directly in the provision of regulated activity • Officers of the business, including director and company secretary

• The nominated officer • A person who is in effect directing the business • Beneficial owners of the business

Personal Information Male Female

First name:______Last name:______Home Address:______City:______Postcode:______Home telephone:______Mobile telephone:______Years living in this address:______Years ______Months If less than 3 years at this address please provide address______Personal E-mail address:______

Passport No.:______Country of issue:______Expiry Date:______Driving License no(Full or Provisional)______Country of issue:______Expiry date:______EU-national ID: ______Country of issue:______Expiry Date:______Residence Permit No.: ______Country of issue:______Expiry Date:______National Insurance Number:______Nationality:______

Country of Birth:______Date of Birth(dd/mm/yyyy):______

- I certify that the above information is correct and undersigned that any financial services offered to me or my company by authorize GCC Exchange UK Limited and any consumer reporting agency employed by GCC Exchange UK Ltd. To receive (sole trader, partnership, corporation or otherwise) by GCC Exchange UK Limited will be conditional thereon. I (we) here and investigate the above information and any other information obtain from me(us) or from any other person relating in any way to my (our) eligibility to act as an Independent agent or System User of GCC Exchange UK Ltd. To make inquiries on all persons mentioned above and others having knowledge of me (us) and to answer inquiries from other persons as to liability what-so-ever to arise there from. my (our) conduct and qualification while serving as an Independent agent of GCC Exchange UK Ltd. all without causing any

Signed by: ______Date: _____ / _____ / ______29 Fitness and propriety Questionnaire Please note the following guidance:

• Please include matters in the UK and/or overseas when considering and answering the questions. management of the agent hold or have held a controlling or senior management position, during the time of the • References to “Your Business/Businesses” includes business at which any of the owners, directors/partners or relevant individual’s involvement and for one year thereafter. For the avoidance of doubt, the agent falls within the Your Business category.

Criminal proceedings

relating to a criminal offence? Yes ______No ______1. Have you or any of your Business ever been the subject of or involved in any investigation or arrest /charge

fraud? Yes______No ______2. Are you aware of any intention to begin procedures against you, another director, or the company for a debt/

3. Have you or any of your Businesses ever been party to any civil proceedings (including proceedings relating to, for example, fraud, negligence, wrongful trading or a debt) which resulted in a finding against you or your 4. Are you or any of your Businesses currently a party to civil proceedings or are you aware of any intention to business(es)? Yes ______No ______

5. Have you ever been dismissed, asked to resign or suspended from a position of employment or other role or begin civil proceedings against You or Your Business(es)? Yes ______No ______appointment? Yes ______No ______

6. Have you ever been disqualified from acting as a director or manager of a company or the subject of any misconduct related to business activities)? Yes ______No ______allegations, investigation or proceedings of a disciplinary nature (relating to, for example, malpractice or

under legislation relating to money laundering, companies, building societies, industrial and provident 7. Have you ever had unspent convictions for offences of dishonesty, fraud, financial or tax crime or an offence

companies, insurance, market manipulation and insider dealing, whether or not in the United Kingdom? societies, credit unions, friendly societies, banking, other financial services, insolvency, consumer credit Yes ______No ______Financial soundness

1. Have you ever:

(i) filed for bankruptcy: Yes ______No ______(ii) been declared bankrupt or insolvent; Yes ______No ______Yes ______No ______(iii) made arrangements with creditors (for example, under an individual voluntary arrangements);

agreement resulted from the proceedings)? Yes ______No ______(iv) been involved in any similar proceedings (whether or not such proceedings have completed or an order or

2. Have any of your Business ever:

(i) been put into liquidation or wound up; Yes ______No ______(ii) had a receiver / administrator appointed; Yes ______N0 ______(iii) made arrangements with its creditors; Yes ______No ______(iv) Otherwise ceased trading? Yes ______No ______30 Regulated activities 1. Have You or any of Your Business ever:

(i) Conducted activities (such as money transfer) without required prior authorisation or registration from a regulatory body (such as the FCA); Yes ______No ______Yes ______No ______(ii) been investigated for the possible carrying on of activities without the required authorisation /registration;

(iii) had any outstanding financial obligations(e.g. fees payable to a regulatory body) connected with carrying out regulated activities; Yes ______No ______Yes ______No ______(iv) had an agreement in relation to the carrying out of regulated activities terminated? 2. Have You or any of Your Business ever:

Yes ______No ______(i) been refused or had restricted any authorisation / registration from a regulatory body;

(ii) been criticised, investigated and / or penalised for failure to comply with regulatory obligations (including termination of an authorisation / registration); Yes ______No ______(iii) been required to produce information to any regulatory body; Yes ______No ______Yes ______No ______(iv) received a warning from any regulatory body relating to possible disciplinary action;

Yes ______No ______(v) decided to withdraw an application for authorisation/registration after submitting the application? 3. Have You or any of Your Business ever contravened any of the requirements and standards of HMRC or other regulatory agencies? Yes ______No ______authorities (including a previous regulator), clearing houses and exchanges, professional bodies, or government bodies or

Further information 3. If you have answered Yes to any of the above questions or if there is anything else that GCC UK Ltd should be aware of please give full details below: in relation to this application and the assessment of you as a fit and proper person to conduct money transfer activities ______

- I certify that the above information is correct and understand that any financial service offered to me or my company (sole ize GCC Exchange UK Ltd and any consumer reporting agency employed by GCC Exchange UK Ltd to receive and investigate trader, partnership, corporation or otherwise) by GCC Exchange UK Ltd. will be conditional thereon i(we) hereby author the above information and any other information obtained from me(us) or from any other person relating in any way to my - (our) eligibility to act as an independent agent of GCC Exchange UK Ltd. to make inquiries or all persons mentioned above and of others having knowledge of me (us) and to answer inquiries from other persons as to my (our) conduct and qual to arise there from ifications while serving as an Independent agent of GCC Exchange UK Ltd. all without causing any liability what-so-ever

Signature______Date ______

31 Previous experience Money Transfer Services 1. Have You or Your business ever been registered or licensed by FCA, HMRC or any other regulatory body to perform operations as a money transfer agent? Yes ______No ______If Yes:

Regulatory body Start date – End date Registration Number

2. Have You or Your Business at any moment been rejected by the FCA, HMRC or any other regulatory body to perform operations as a money transfer agent? Yes ______No ______If yes, please explain

3. Have you or the money transfer business terminated the contract for any reason? Yes ______No ______If yes, please explain

Work Experience 1. Please provide detailed information regarding your last two years experience

Duration employment (start- Company name Position / Title Job description ing date – end date)

2. What is the highest degree you obtained?

High School Bachelor’s Degree Postgraduate certificate Other Languages 1. Can you please give an indication of your language skills:

Language 1:______Native Advanced Intermediate Basic

Language 2:______Native Advanced Intermediate Basic

Language 3:______Native Advanced Intermediate Basic

SIGNATURE ______Date ______

32 APPENDIX 7:

DECLARATION OF HAVING READ THE AML POLICY

whistle blowing, anti bribery and corruption) of GCC Exchange UK Limited, understand its relevance to my role I, ______, the undersigned, declare that I have read the AML Policy (includes and its meaning. I do hereby agree to work in accordance with the policy.

Signature ______Date: ______

Declarant Name (print) ______Position in the organisation ______

Name of the organisation ______

Please complete, this form and return to the MLRO as soon as possible.

33 NOTES

______

______

34 GCC Exchange UK Limited. 90, High Street, Southall Middlesex-UB1 3DB, United Kingdom Tel: +44 208 571 2065 | Fax: +44 208 574 7279 Email: [email protected]