AML Policy | Axra

Axra (a product of GoFree Global Inc)

Effective Date: February 2026 Version: 1.0 Last Reviewed: February 16, 2026

1. Policy Statement & Commitment

GoFree Global Inc and its affiliates (collectively, "Axra," "we," "us," or "our") are committed to maintaining the highest standards of compliance with all applicable anti-money laundering (AML) and counter-financing of terrorism (CFT) laws and regulations. We recognize our responsibility to prevent our agentic banking and payments infrastructure from being exploited for money laundering, terrorist financing, fraud, or other illicit activities.

This Anti-Money Laundering and Counter-Financing of Terrorism Policy (the "Policy") establishes the framework for our AML/CFT compliance program and applies to all Axra operations, services, employees, agents, contractors, and business relationships.

Our Commitment

Axra is committed to:

Compliance: Full adherence to all applicable AML/CFT laws, regulations, and regulatory guidance in jurisdictions where we operate
Prevention: Implementing robust controls to prevent money laundering and terrorist financing
Detection: Maintaining systems and processes to detect suspicious activities and patterns
Reporting: Timely and accurate reporting of suspicious activities to relevant authorities
Transparency: Cooperating fully with law enforcement and regulatory investigations
Culture: Fostering a culture of compliance throughout our organization
Continuous Improvement: Regularly reviewing and enhancing our AML/CFT program

2. Regulatory Framework

Axra's AML/CFT program is designed to comply with applicable laws and regulations in all jurisdictions where we operate, including but not limited to:

United States

Bank Secrecy Act (BSA) and implementing regulations (31 CFR Chapter X)
USA PATRIOT Act and related AML provisions
FinCEN Regulations for Money Services Businesses (MSBs)
Office of Foreign Assets Control (OFAC) sanctions regulations
Financial Crimes Enforcement Network (FinCEN) guidance and advisories

Registration Details:

FinCEN MSB Registration Number: 20222296774
FinCEN License Number: 31000281485025

Canada

Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and regulations
FINTRAC Regulations for Money Services Businesses
Canadian Criminal Code provisions on money laundering and terrorist financing
Bank of Canada Retail Payments Activities Act (RPAA) requirements (registration in progress)

Registration Details:

FINTRAC Registration Number: 1001010436
FINTRAC License Number: C100000512

Other Jurisdictions

Nigeria: Applicable AML/CFT regulations and Central Bank of Nigeria directives
Rwanda: National Bank of Rwanda AML/CFT requirements
International Standards: Financial Action Task Force (FATF) Recommendations

Corporate Structure

Parent Entity: GoFree Global Inc (Delaware, USA)
Canadian Operations: GoFree Global Technology Limited (Canada)
Additional Entities: GoFree Global operations in Nigeria and Rwanda

3. Compliance Officer & Governance

AML/CFT Compliance Officer

Axra has designated a qualified AML/CFT Compliance Officer (the "Compliance Officer") who is responsible for:

Overseeing and managing the AML/CFT compliance program
Ensuring compliance with all applicable AML/CFT laws and regulations
Developing, implementing, and updating AML/CFT policies and procedures
Monitoring transactions and investigating suspicious activities
Filing Suspicious Activity Reports (SARs/STRs) and Currency Transaction Reports (CTRs)
Coordinating with law enforcement and regulatory authorities
Managing sanctions screening programs
Overseeing employee training and awareness programs
Reporting to senior management and the Board on AML/CFT matters
Maintaining records and documentation
Coordinating independent audits and testing

Governance Structure

The Compliance Officer reports directly to senior management and has direct access to the Board of Directors. The Compliance Officer has sufficient authority, independence, and resources to perform their duties effectively.

Escalation Process:

Compliance Officer reviews all alerts and suspicious activities
Material matters escalated to Chief Legal Officer and Chief Executive Officer
Significant matters reported to the Board of Directors
Regulatory reporting to FinCEN, FINTRAC, and other authorities as required

Contact Information

AML/CFT Compliance Officer Email: compliance@useaxra.com Address: [Corporate Address] Phone: [Compliance Hotline]

4. Risk Assessment Methodology

Axra conducts comprehensive risk assessments to identify, assess, and understand the money laundering and terrorist financing risks associated with our business activities, products, services, customers, and geographic locations.

Risk Assessment Framework

Our enterprise-wide AML/CFT risk assessment considers:

Customer Risk Factors

Identity Verification Level: NONE, BASIC, STANDARD, or ENHANCED
Customer Type: Individual, business, or platform
Customer Profile: Source of funds, occupation, business activities
Transaction Patterns: Volume, frequency, amounts, counterparties
Geographic Risk: Customer location and jurisdictions involved in transactions

Product and Service Risk Factors

Multi-Currency Wallets: Currency types, balances, transaction patterns
International Transfers: Cross-border payment risks, correspondent banking
Virtual Accounts: Account usage patterns, beneficiary relationships
Payment Processing: Merchant services, payment flows

Geographic Risk Factors

Prohibited Jurisdictions: Countries subject to comprehensive sanctions
Controlled Jurisdictions: High-risk countries with enhanced monitoring
Restricted Jurisdictions: Medium-risk countries with additional controls
Not High Risk: Lower-risk jurisdictions with standard monitoring

Channel Risk Factors

Digital-Only Operations: All transactions conducted electronically
No Cash Handling: Eliminates cash-related ML/TF risks
Third-Party Partners: Bridge.xyz and other service provider risks

Transaction Risk Factors

Transaction Size: Large or unusual transaction amounts
Transaction Velocity: Frequency and speed of transactions
Transaction Patterns: Structuring, rapid movement of funds, round amounts
Beneficiary Risk: Sanctions screening, high-risk jurisdictions

Risk Classification

Based on the risk assessment, we classify customers and transactions into risk categories:

Low Risk: Standard monitoring and controls
Medium Risk: Enhanced monitoring and periodic reviews
High Risk: Enhanced due diligence, continuous monitoring, senior management approval
Prohibited: Transaction blocked, account restricted, regulatory reporting

Risk Assessment Updates

Axra conducts:

Comprehensive Risk Assessments: Annually, or more frequently as needed
Targeted Assessments: Upon introduction of new products, services, or markets
Ad Hoc Assessments: In response to regulatory changes, emerging risks, or incidents

5. Customer Due Diligence (CDD)

Axra implements risk-based Customer Due Diligence (CDD) procedures to verify customer identities, understand the nature and purpose of customer relationships, and assess money laundering and terrorist financing risks.

KYC Tier System

Axra employs a tiered KYC approach with transaction limits based on verification level:

Tier 1: NONE (Email Only)

Verification Requirements:

Valid email address only

Transaction Limits:

$0 daily transfer limit (no outbound transfers permitted)
$0 monthly transfer limit
Receive-only account functionality

Use Case:

Initial account creation
Transitional state before identity verification

Risk Controls:

No outbound transfer capability
Funds held until identity verification completed
Mandatory upgrade required for any transaction activity

Tier 2: BASIC (Email + Phone)

Verification Requirements:

Valid email address
Valid phone number with SMS verification

Transaction Limits:

$1,000 USD equivalent per day
$5,000 USD equivalent per month

Use Case:

Low-value personal transactions
Entry-level users

Risk Controls:

Transaction velocity monitoring
Cumulative volume tracking
Automatic suspension if limits exceeded

Tier 3: STANDARD (Government ID + Selfie)

Verification Requirements:

Valid email address
Valid phone number
Government-issued photo ID (passport, driver's license, national ID)
Live selfie verification (liveness detection)
Identity verification via Bridge.xyz and/or Persona

Transaction Limits:

$10,000 USD equivalent per day
$50,000 USD equivalent per month

Information Collected:

Full legal name
Date of birth
Residential address
Nationality and country of residence
Government ID number and issuing authority

Use Case:

Standard personal and business transactions
Most retail customers

Risk Controls:

ID document verification (authenticity, validity, tampering detection)
Biometric matching (selfie to ID photo)
Sanctions screening against 75+ global lists
Transaction monitoring and pattern analysis

Tier 4: ENHANCED (Enhanced Due Diligence)

Verification Requirements:

All STANDARD tier requirements, plus:
Source of funds documentation
Source of wealth documentation (for high-net-worth individuals)
Business verification documents (for business accounts)
Beneficial ownership information (for entities)
Enhanced background checks

Transaction Limits:

$50,000 USD equivalent per day
$250,000 USD equivalent per month

Use Case:

High-value transactions
Business and platform accounts
PEPs and high-risk customers (if approved)

Risk Controls:

Continuous transaction monitoring
Periodic account reviews (at least annually)
Senior management approval required
Enhanced sanctions screening (including adverse media)
Real-time transaction alerts

Beneficial Ownership Requirements

For business and entity accounts, Axra collects and verifies:

Beneficial Owners: Individuals who own 25% or more of the entity
Control Persons: Individuals with significant management control
Information Required: Name, date of birth, residential address, identification documents

Customer Information Updates

Axra maintains current customer information through:

Periodic Reviews: Risk-based review frequency (annually for high-risk, every 2-3 years for lower-risk)
Event-Driven Updates: Changes in customer circumstances, transaction patterns, or risk profile
Customer Notifications: Proactive outreach requesting information updates
Transaction Monitoring: Identification of information inconsistencies during monitoring

Simplified Due Diligence

Axra does not apply simplified due diligence procedures given the digital nature of our services and the risk profile of our customer base.

6. Enhanced Due Diligence (EDD)

Axra applies Enhanced Due Diligence (EDD) procedures to customers and transactions that present higher money laundering or terrorist financing risks.

EDD Triggers

Enhanced due diligence is required for:

Politically Exposed Persons (PEPs)

Definition:

Individuals who hold or have held prominent public positions
Immediate family members of PEPs
Close associates of PEPs

PEP Categories:

Foreign PEPs (senior foreign political figures)
Domestic PEPs (senior domestic political figures)
International organization PEPs (senior officials of international organizations)

EDD Requirements for PEPs:

Senior management approval for account opening
Enhanced identity verification and background screening
Source of wealth and source of funds documentation
Ongoing monitoring of transactions and account activity
Periodic reviews (at least annually)
Enhanced sanctions and adverse media screening

High-Risk Jurisdictions

Customers or transactions involving:

Prohibited Jurisdictions: Account opening declined
Controlled Jurisdictions: Enhanced verification and monitoring required
Restricted Jurisdictions: Additional documentation and approval required
FATF High-Risk Countries: Countries identified by FATF as having strategic AML/CFT deficiencies

EDD Requirements for High-Risk Jurisdictions:

Enhanced identity verification
Source of funds documentation
Purpose of transaction documentation
Compliance Officer review and approval
Continuous transaction monitoring

Large Transactions

Transactions meeting or exceeding:

$10,000 USD equivalent in a single transaction
$25,000 USD equivalent in aggregated transactions within 24 hours
$50,000 USD equivalent in cumulative monthly transactions (for STANDARD tier)

EDD Requirements for Large Transactions:

Source of funds verification
Purpose of transaction documentation
Beneficiary due diligence
Compliance Officer review (for amounts over $25,000)
Enhanced transaction monitoring

High-Risk Business Activities

Customers engaged in:

Money services businesses
Cryptocurrency exchanges or trading platforms
Casinos and gaming operations
Arms dealing or defense contracting
Precious metals or gemstone dealers
Non-profit organizations (particularly those operating in high-risk jurisdictions)
Cash-intensive businesses

EDD Requirements for High-Risk Businesses:

Business licensing and registration verification
Regulatory compliance documentation
Enhanced beneficial ownership verification
Business premises verification
Transaction monitoring with lower alert thresholds

Complex Ownership Structures

Entities with:

Multiple layers of ownership
Offshore structures or shell companies
Bearer shares or nominee arrangements
Trusts or other opaque structures

EDD Requirements for Complex Structures:

Full beneficial ownership chain documentation
Purpose and legitimacy of structure documentation
Source of funds for all beneficial owners
Legal opinion or professional verification
Senior management approval

Unusual Transaction Patterns

Customers exhibiting:

Transactions inconsistent with customer profile
Sudden changes in transaction patterns
Structuring or layering patterns
Unexplained source of funds
Complex transaction routing

EDD Requirements for Unusual Patterns:

Enhanced transaction monitoring
Customer interview and documentation
Re-verification of customer information
Investigation by Compliance Officer
Consideration of suspicious activity reporting

EDD Documentation

For all EDD cases, Axra collects and maintains:

Source of Funds: Documentation demonstrating the origin of funds (bank statements, employment contracts, sale agreements, etc.)
Source of Wealth: Documentation explaining the customer's overall wealth accumulation (business ownership, inheritance, investments, etc.)
Purpose of Relationship: Detailed explanation of why the customer needs Axra's services
Expected Transaction Activity: Anticipated transaction volumes, amounts, frequencies, and counterparties
Supporting Documentation: Business licenses, financial statements, contracts, tax returns, etc.

EDD Approval Process

Initial Review: Compliance Officer reviews all EDD triggers
Documentation Collection: Request and collect all required EDD documentation
Risk Assessment: Comprehensive risk assessment of customer and relationship
Senior Management Approval: Approval required from Chief Legal Officer or CEO
Ongoing Monitoring: Enhanced monitoring with lower alert thresholds
Periodic Review: At least annual review of EDD customers

EDD Rejection Criteria

Axra will decline to establish or continue business relationships when:

Customer refuses to provide required EDD information
Information provided is insufficient, inconsistent, or suspicious
Customer is located in or transacting with Prohibited Jurisdictions
Risk assessment determines relationship presents unacceptable ML/TF risk
Adverse information identified during screening (sanctions, criminal activity, etc.)

7. Ongoing Monitoring

Axra maintains continuous monitoring of customer accounts and transactions to detect unusual or suspicious activities that may indicate money laundering, terrorist financing, or other illicit conduct.

Transaction Monitoring Program

Our automated transaction monitoring system analyzes all transactions in real-time and on a batch basis to identify:

Velocity Checks

Daily Transfer Velocity:

Monitoring of transaction frequency within 24-hour periods
Alerts for rapid-fire transfers (multiple transactions in short timeframes)
Comparison against customer historical patterns
Tier-based velocity thresholds

Thresholds:

BASIC: >5 transactions per day or >$1,000 aggregate
STANDARD: >10 transactions per day or >$10,000 aggregate
ENHANCED: >20 transactions per day or >$50,000 aggregate

Cumulative Volume Monitoring

Monthly Volume Tracking:

Aggregation of all inbound and outbound transfers
Comparison against tier limits and historical averages
Automatic suspension when tier limits exceeded
Trend analysis for unusual increases

Monitoring Parameters:

30-day rolling cumulative totals
Month-over-month growth rates
Comparison to customer profile and stated activity
Deviation alerts (>200% increase from baseline)

Suspicious Pattern Detection

Structuring Detection:

Multiple transactions just below reporting thresholds
Pattern of consistent amounts designed to avoid detection
Timing patterns suggesting coordinated activity
Split transactions to the same beneficiary

Rapid Movement of Funds:

Funds received and immediately transferred out
Minimal time between deposit and withdrawal
Pass-through account behavior
Lack of legitimate business purpose

High-Risk Jurisdiction Transfers:

Transactions involving Prohibited, Controlled, or Restricted countries
Unusual routing through multiple jurisdictions
Transactions with no apparent economic purpose involving high-risk countries
Patterns of transfers to/from sanctioned or high-risk regions

Round Amount Transactions:

Unusually round transaction amounts (e.g., exactly $10,000)
Pattern of round amounts across multiple transactions
Inconsistent with customer profile or business type

Unusual Transaction Types:

Transactions inconsistent with customer profile or business
Sudden changes in transaction patterns
Transactions with inadequate explanation or documentation
Transactions involving known high-risk activities

Beneficiary Concentration:

High percentage of transactions to single beneficiary
Sudden addition of multiple new beneficiaries
Beneficiaries in high-risk jurisdictions
Beneficiaries with sanctions screening concerns

Alert Management

Alert Generation:

Automated rules-based alert generation
Risk scoring for prioritization
Alert queuing for Compliance Officer review
Escalation procedures for high-priority alerts

Alert Investigation:

Initial Review: Compliance Officer reviews alert and transaction details
Customer Profile Analysis: Review customer information, history, and risk rating
Transaction Analysis: Analyze transaction purpose, counterparties, and patterns
Additional Information: Request customer explanation if needed
Risk Determination: Assess whether activity is suspicious or consistent with legitimate business
Disposition: Close alert, escalate for investigation, or prepare SAR/STR

Alert Resolution Timeframes:

Low-priority alerts: Within 5 business days
Medium-priority alerts: Within 3 business days
High-priority alerts: Within 24 hours
Critical alerts (sanctions, terrorism): Immediate review

Account Activity Reviews

Risk-Based Review Frequency:

Low Risk: Every 3 years or as needed
Medium Risk: Every 2 years
High Risk: Annually or more frequently
Enhanced Due Diligence Customers: At least annually

Review Components:

Customer information accuracy and currency
Transaction activity consistency with customer profile
Changes in risk profile or circumstances
Sanctions screening update
Assessment of ongoing relationship appropriateness

Transaction Audit Trail

All transactions are logged with comprehensive audit trails including:

Transaction ID and timestamp
Customer ID and KYC tier
Transaction amount and currency
Source and destination details
Beneficiary information
Purpose of transaction
IP address and device information
User agent and session details
Sanctions screening results
AML monitoring flags and alerts
Approval/rejection status and authorizing party

Retention Period: 7 years from transaction date

Monitoring System Capabilities

Axra's transaction monitoring system provides:

Real-Time Screening: Immediate sanctions and AML checks at transaction initiation
Batch Processing: Daily comprehensive analysis of all account activity
Pattern Recognition: Machine learning and statistical models for anomaly detection
Risk Scoring: Dynamic risk scoring of customers and transactions
Case Management: Workflow system for alert investigation and documentation
Reporting: Management dashboards and regulatory reporting capabilities
Audit Trail: Complete documentation of all monitoring activities and decisions

8. Sanctions Screening Program

Axra maintains a comprehensive sanctions screening program to ensure compliance with economic sanctions and to prevent transactions involving sanctioned individuals, entities, or jurisdictions.

Sanctions Lists Screened

Axra screens against 75+ sanctions and enforcement lists via the Dilisense API, including:

United States

OFAC Sanctions Lists:
- Specially Designated Nationals (SDN) List
- Consolidated Sanctions List
- Sectoral Sanctions Identifications (SSI) List
- Foreign Sanctions Evaders (FSE) List
- Non-SDN entities subject to blocking orders
- Palestinian Legislative Council (PLC) List

United Nations

UN Security Council Sanctions Lists:
- UN Consolidated List
- UN Al-Qaida Sanctions List
- UN ISIL/Da'esh and Al-Qaida Sanctions List
- Country-specific UN sanctions lists

European Union

EU Sanctions Lists:
- EU Consolidated Financial Sanctions List
- EU Terrorism List
- Country and entity-specific sanctions

United Kingdom

HM Treasury Sanctions Lists:
- UK Financial Sanctions List
- UK Consolidated List
- Country and entity-specific UK sanctions

Other Global Lists

World Bank Ineligible Firms and Individuals List
Interpol Most Wanted Lists
Canadian Sanctions Lists (Global Affairs Canada)
Australian Sanctions Lists (DFAT)
Additional jurisdictional sanctions lists (Japan, Switzerland, Singapore, etc.)

Politically Exposed Persons (PEPs)

Global PEP databases
Domestic and foreign PEPs
PEP family members and close associates

Adverse Media and Enforcement

Financial crime enforcement actions
Money laundering and terrorist financing cases
Adverse media screening for reputational risk

Screening Triggers

Sanctions screening is performed:

At Registration

Customer Onboarding: Automatic screening of all new customers during account creation
Information Collected: Name, date of birth, address, nationality, identification documents
Pre-Funding Check: Screening must clear before account is activated for transactions

At Beneficiary Creation

New Beneficiary Addition: Automatic screening when customer adds new transfer beneficiary
Information Screened: Beneficiary name, account details, bank information, jurisdiction
Pre-Transaction Check: Beneficiary must clear screening before first transaction is permitted

At Transaction Initiation

Real-Time Screening: Immediate screening of customer and beneficiary at transaction attempt
Transaction Details: Amount, destination, purpose, routing information
Dynamic Lists: Screening against most current sanctions lists (updated daily)

Periodic Re-Screening

Customer Re-Screening: Quarterly re-screening of all active customers
Beneficiary Re-Screening: Quarterly re-screening of all saved beneficiaries
Watchlist Updates: Re-screening triggered when sanctions lists are updated
Event-Driven: Re-screening upon changes to customer information or risk profile

Screening Methodology

Fuzzy Matching:

Name variation algorithms to account for spelling differences, transliterations, aliases
Date of birth matching with allowance for data quality issues
Address and nationality matching
Configurable match score thresholds

False Positive Reduction:

Weighted scoring based on data quality and match strength
Contextual analysis (e.g., age consistency, jurisdiction relevance)
Whitelisting of confirmed false positives (with periodic review)
Manual review of all potential matches

Match Scoring:

100% match: Exact match on all critical fields → BLOCK
95-99% match: Very high confidence → HOLD for review
85-94% match: High confidence → Manual review required
75-84% match: Moderate confidence → Enhanced review
<75% match: Low confidence → Clear with documentation

Match Handling Procedures

Confirmed Sanctions Match (True Positive)

Immediate Action:
- Transaction blocked immediately
- Account frozen/restricted
- Customer notification (if legally permissible)
- Asset freezing in compliance with sanctions regulations
Compliance Review:
- Comprehensive investigation by Compliance Officer
- Documentation of all findings
- Determination of sanctions violation scope
- Assessment of potential licensing opportunities (if applicable)
Regulatory Reporting:
- Filing with OFAC (for U.S. sanctions): Within 10 business days
- Filing with Global Affairs Canada (for Canadian sanctions): Immediately
- Filing with other applicable authorities as required
- SAR/STR filing for suspicious activity
- Terrorist Property Report (if terrorism-related)
Ongoing Obligations:
- Asset maintenance (no disbursement without authorization)
- Periodic reporting to OFAC/regulators
- Legal and licensing consultation
- Complete documentation and record retention

Potential Match Requiring Review

Transaction Hold: Transaction placed on hold pending investigation
Investigation: Compliance Officer conducts detailed investigation within 24 hours
Enhanced Screening: Additional database checks, adverse media, public records
Documentation: Collection of additional customer information if needed
Determination: Clear determination of true positive vs. false positive
Resolution:
- False Positive: Whitelist entry, transaction approval, customer notification
- True Positive: Follow confirmed match procedures above

False Positive Determination

Documentation: Detailed documentation of why match is false positive
Whitelisting: Addition to false positive whitelist to prevent future alerts
Transaction Approval: Immediate processing of held transaction
Customer Communication: Explanation of brief delay (if customer inquired)
Periodic Review: Quarterly review of whitelisted items

Compliance Alerts

All sanctions screening hits generate compliance alerts that are:

Logged in the compliance case management system
Assigned to Compliance Officer for immediate review
Tracked through resolution with complete audit trail
Reported to senior management (for confirmed matches)
Retained for 7 years

OFAC 50% Rule

Axra applies OFAC's 50% Rule, which provides that:

Entities owned 50% or more by one or more sanctioned persons are themselves blocked
Entities owned 50% or more in the aggregate by multiple sanctioned persons are blocked
Ownership determinations include direct and indirect ownership interests

Application:

Beneficial ownership screening during onboarding and EDD
Entity ownership structure analysis
Blocked party aggregation analysis
Legal entity screening in addition to individual screening

Prohibited Transactions

Axra prohibits:

Transactions with sanctioned individuals or entities
Transactions involving blocked property or interests
Transactions that would violate comprehensive country sanctions
Facilitation of transactions for or on behalf of sanctioned parties
Evasion or circumvention of sanctions requirements

Sanctions Licensing

In limited circumstances, Axra may apply for specific licenses from OFAC or other sanctions authorities to:

Reject blocked property
Process humanitarian transactions
Wind down existing relationships
Other legally permissible activities

Licensing Process:

Legal counsel consultation
Detailed license application preparation
Submission to appropriate authority
No transactions pending approval (unless authorized)
Strict compliance with license terms and conditions

9. Suspicious Activity Reporting (SARs/STRs)

Axra files Suspicious Activity Reports (SARs) with FinCEN (United States) and Suspicious Transaction Reports (STRs) with FINTRAC (Canada) when we detect transactions or patterns of activity that may involve money laundering, terrorist financing, fraud, or other financial crimes.

Reporting Obligations

FinCEN SAR Filing (United States)

Mandatory Reporting: SARs must be filed when:

Transaction or pattern of transactions involves or aggregates to $5,000 or more
AND Axra knows, suspects, or has reason to suspect that the transaction:
- Involves funds derived from illegal activity
- Is designed to evade Bank Secrecy Act requirements
- Has no business or lawful purpose
- Involves use of Axra to facilitate criminal activity

Timing:

File within 30 calendar days after initial detection
If no suspect identified on Day 30, additional 30 days to identify suspect (60 days total)
Critical cases (terrorism, ongoing criminal activity): File immediately

Form: FinCEN SAR (BSA E-Filing System)

FINTRAC STR Filing (Canada)

Mandatory Reporting: STRs must be filed when:

There are reasonable grounds to suspect that a transaction or attempted transaction is related to:
- Money laundering offense
- Terrorist activity financing offense

Timing:

File within 30 days of detecting facts giving rise to reasonable grounds to suspect

Form: FINTRAC STR (FINTRAC Web Reporting System)

Red Flags and Suspicious Activity Indicators

Axra investigates and considers filing SARs/STRs for the following indicators:

Structuring and Smurfing

Multiple transactions just below reporting thresholds ($10,000 CTR threshold)
Patterns suggesting deliberate avoidance of reporting requirements
Use of multiple accounts or identities to structure transactions
Transactions split across multiple days or beneficiaries

Unusual Transaction Patterns

Transactions inconsistent with customer's business or profile
Sudden unexplained increases in transaction volume or amounts
Transactions with no apparent economic or lawful purpose
Complex transaction routing without business justification

Identity Concerns

Suspicious or potentially false identification documents
Reluctance to provide information or documentation
Multiple customers using the same identification or address
Customers using third-party identities or acting as nominees

High-Risk Jurisdictions

Transactions involving sanctioned countries or high-risk jurisdictions
Transfers to/from jurisdictions known for terrorism, drug trafficking, or financial crime
Transactions routed through multiple high-risk jurisdictions
No apparent business reason for transactions with high-risk countries

Rapid Movement of Funds

Funds deposited and immediately transferred out
Pass-through account behavior with minimal retention
Circular transactions (funds return to origin after multiple transfers)
No legitimate business reason for rapid fund movement

Terrorism Financing Indicators

Transactions to/from countries or entities associated with terrorism
Transfers to charitable organizations with terrorism concerns
Small transactions to multiple high-risk locations
Customers with connections to known terrorist organizations
Transactions following terrorism events or alerts

Fraud Indicators

Customer claims fraud or unauthorized transaction after completion
Beneficiary information changes immediately before large transaction
Transaction based on misrepresentation or false pretenses
Romance scams, business email compromise, or other fraud patterns

Sanctions Evasion

Attempts to transact with sanctioned parties
Use of intermediaries to obscure beneficial owner
Transactions structured to evade sanctions screening
False beneficiary information to disguise sanctioned party

Customer Behavior

Reluctance to provide information about transaction purpose
Customer exhibits unusual knowledge of AML requirements
Customer attempts to avoid contact with financial institution
Customer nervous or evasive when questioned
Customer makes statements suggesting money laundering or illegal activity

SAR/STR Investigation Process

Initial Alert or Detection:
- Transaction monitoring alert
- Employee observation or report
- Customer due diligence concern
- Law enforcement inquiry
- Third-party notification
Preliminary Review:
- Compliance Officer reviews initial information
- Determination whether investigation warranted
- Assignment of investigation priority
Investigation:
- Review of customer profile and account history
- Analysis of transaction patterns and activities
- Review of all available customer information and documentation
- Enhanced screening (sanctions, adverse media, public records)
- Consultation with relevant employees or departments
- Collection of supporting documentation
Determination:
- Assessment whether activity is suspicious
- Evaluation of whether SAR/STR filing threshold met
- Documentation of analysis and conclusion
- Senior management consultation for complex cases
SAR/STR Preparation:
- Completion of SAR/STR form with all required information
- Narrative describing suspicious activity in detail
- Attachment of supporting documentation
- Review by Compliance Officer
- Approval by senior management (for significant cases)
Filing:
- Electronic filing via FinCEN BSA E-Filing System (U.S.)
- Electronic filing via FINTRAC Web Reporting System (Canada)
- Secure retention of filed report and supporting documentation
- Log in SAR/STR tracking system
Post-Filing:
- Ongoing monitoring of customer and related accounts
- Enhanced monitoring for continuing suspicious activity
- Consideration of customer relationship continuation
- Response to any law enforcement follow-up inquiries

SAR/STR Content Requirements

SARs/STRs include:

Subject Information: Name, address, date of birth, identification numbers, account numbers
Suspicious Activity Dates: When activity occurred or was detected
Transaction Details: Amounts, dates, types, instruments, account numbers
Narrative Description: Detailed explanation of why activity is suspicious, who is involved, what occurred, when, where, and how
Supporting Documentation: Account statements, transaction records, identification documents, correspondence

Confidentiality

SAR/STR filing is strictly confidential:

No Customer Notification: Customer is NOT notified that SAR/STR has been filed
No Disclosure: SAR/STR filing is NOT disclosed to customer or third parties
Limited Internal Access: Access restricted to compliance personnel, senior management, and legal counsel on need-to-know basis
Document Security: SARs/STRs maintained in secure, segregated filing system
Prohibition on Tipping Off: Federal crime to disclose SAR/STR filing or investigation to subject

Exception: Disclosure permitted to law enforcement, regulators, and certain other financial institutions for AML purposes.

Continuing Activity SARs

For continuing suspicious activity previously reported:

File continuing activity SAR every 90 days (U.S.) or as activity continues (Canada)
Reference prior SAR/STR filings
Update narrative with new information or developments
Maintain ongoing monitoring and documentation

Account Closure

SAR/STR filing does not automatically require account closure. Axra evaluates:

Severity and nature of suspicious activity
Risk of continuing relationship
Regulatory guidance and expectations
Law enforcement interest in maintaining account open
Risk to Axra's reputation and compliance program

Decision Process:

Compliance Officer recommendation
Senior management approval
Legal counsel consultation (for complex cases)
Gradual relationship wind-down (if appropriate)
Documentation of decision rationale

10. Currency Transaction Reports (CTRs)

Axra files Currency Transaction Reports (CTRs) with FinCEN for currency transactions exceeding $10,000 USD in accordance with Bank Secrecy Act requirements.

CTR Reporting Thresholds

Mandatory Filing: CTR must be filed for:

Currency transactions exceeding $10,000 USD
Multiple currency transactions aggregating to more than $10,000 USD conducted by or on behalf of the same person in one business day

Form: FinCEN Currency Transaction Report (CTR) - FinCEN Form 112

Timing: Within 15 calendar days after the transaction date

Applicability to Axra's Operations

Given Axra's digital-only operations:

No Cash Transactions: Axra does not handle physical currency (cash, coins) in any form. All transactions are conducted electronically through:

Bank transfers (ACH, wire, SWIFT)
Card payments
Blockchain-based transfers
Digital payment rails

CTR Filing Obligation: As Axra does not conduct currency transactions, CTR filings are generally not applicable to our business operations.

Monitoring for Equivalent Reporting: While CTRs are not filed, Axra maintains awareness of:

Large transaction monitoring (for amounts exceeding $10,000 USD)
Structuring patterns that would be reportable if involving currency
Potential SAR filing obligations for suspicious activity involving large transactions

Large Transaction Monitoring

Although CTRs are not filed, Axra implements controls for large transactions:

Monitoring Thresholds:

Transactions ≥ $10,000 USD: Enhanced monitoring flag
Transactions ≥ $25,000 USD: Compliance Officer review
Transactions ≥ $50,000 USD: Enhanced due diligence verification

Review Process:

Automatic system alert for large transaction
Review of customer profile and transaction history
Verification of source of funds (if not previously documented)
Assessment of transaction consistency with customer profile
Consideration of SAR filing if activity is suspicious
Documentation of review and decision

Structuring Detection

Axra's transaction monitoring system detects potential structuring patterns that would be reportable if involving currency:

Multiple transactions just below $10,000 USD
Pattern suggesting deliberate avoidance of reporting threshold
Aggregation of transactions to same beneficiary
Timing patterns consistent with structuring

Response to Structuring Detection:

Investigation by Compliance Officer
Review of customer intent and explanation
Consideration of SAR filing for suspicious structuring patterns
Enhanced monitoring of customer account

Record Keeping

Axra maintains records of all transactions exceeding $10,000 USD, including:

Transaction amount and currency
Date and time of transaction
Customer information and account details
Source and destination information
Purpose and nature of transaction
Supporting documentation

Retention Period: 7 years from transaction date

Future Applicability

If Axra's business model changes to include currency transactions (cash handling, currency exchange, etc.):

CTR filing procedures will be implemented immediately
Staff will be trained on CTR requirements and procedures
Systems will be updated to capture required CTR information
This policy will be updated to reflect CTR filing obligations

11. Record Keeping

Axra maintains comprehensive records of customer information, transactions, and compliance activities in accordance with Bank Secrecy Act, PCMLTFA, and other applicable record-keeping requirements.

Retention Period

Standard Retention: 7 years from the date of the record or transaction, or longer if required by applicable law or regulation.

Ongoing Matters: Records relating to ongoing investigations, litigation, or regulatory matters are retained until the matter is fully resolved and the standard retention period has elapsed.

Customer Records

Axra maintains the following customer records:

Identity Verification Records

Government-issued identification documents (passport, driver's license, national ID)
Selfie photographs and liveness detection results
Identity verification reports from Bridge.xyz and Persona
Address verification documents
Date of birth and nationality information

Customer Due Diligence (CDD) Records

Customer application and account opening information
Risk assessment and risk rating documentation
Customer profile information (occupation, source of funds, expected activity)
Beneficial ownership information (for entities)
Enhanced due diligence documentation (for high-risk customers)

Ongoing Monitoring Records

Periodic review documentation
Customer information updates
Risk rating changes and rationale
Account activity reviews
Customer correspondence related to AML/CFT matters

Sanctions Screening Records

Initial screening results at onboarding
Periodic re-screening results
Match investigation documentation
False positive determinations and whitelisting
Enhanced screening results (adverse media, PEP status)

Transaction Records

Axra maintains comprehensive transaction records including:

Transaction Details

Transaction ID and timestamp (date and time)
Transaction amount and currency
Exchange rates applied
Source account and customer information
Destination account and beneficiary information
Bank details and payment routing information
Transaction type and payment method
Purpose of transaction
Transaction status (completed, pending, rejected, cancelled)

Transaction Audit Trail

IP address and geolocation
Device information and user agent
Session ID and authentication details
AML monitoring results and flags
Sanctions screening results
Approval/rejection decisions and authorizing parties
System logs and timestamps

Supporting Documentation

Customer instructions or authorization
Source of funds documentation (for large or high-risk transactions)
Invoices, contracts, or other business documentation
Correspondence related to transaction
Third-party verification or confirmation

AML/CFT Compliance Records

Axra maintains records of all AML/CFT compliance activities:

Policy and Procedures

AML/CFT policy and all amendments
Risk assessment methodology and results
AML/CFT procedures and training materials
Independent audit reports and findings
Regulatory examination reports and responses

Monitoring and Investigations

Transaction monitoring alerts and investigations
Alert disposition documentation (closed, escalated, SAR filed)
Suspicious activity investigations and analysis
SAR/STR filings and supporting documentation (maintained separately with strict access controls)
Enhanced due diligence investigations

Regulatory Reporting

Currency Transaction Reports (CTRs) - if applicable
Suspicious Activity Reports (SARs) and supporting documentation
Suspicious Transaction Reports (STRs) to FINTRAC
Sanctions blocking reports to OFAC and other authorities
Large Cash Transaction Reports (LCTRs) - if applicable
Electronic Funds Transfer Reports (EFTRs) to FINTRAC

Training and Compliance

Employee training records (dates, topics, attendance, test results)
Compliance Officer appointment and qualifications
Management and Board reporting
Regulatory correspondence and submissions
Third-party due diligence (service providers, partners)

Business Correspondence

Axra maintains records of:

Customer inquiries and complaints related to AML/CFT matters
Requests for documentation or information
Account closure correspondence
Subpoenas, law enforcement requests, and regulatory inquiries
Responses to government or regulatory requests

Record Format and Storage

Electronic Records:

Primary storage in secure, encrypted databases and document management systems
Access controls and authentication requirements
Regular backups with offsite storage
Version control and audit trail of changes
System logs of record access and modifications

Physical Records:

Secure storage in locked, access-controlled facilities (if applicable)
Document tracking and inventory system
Climate-controlled environment to prevent deterioration

Record Availability

Records must be:

Accessible: Retrievable promptly upon request by authorized personnel or regulators
Complete: Containing all required information elements
Legible: Readable and understandable
Organized: Systematically filed and indexed for efficient retrieval
Secure: Protected against unauthorized access, alteration, or destruction

Record Destruction

Records are destroyed only:

After the required retention period has elapsed
After any legal holds or regulatory holds are lifted
In accordance with documented record destruction procedures
With appropriate security measures (secure deletion, shredding)
With documentation of destruction date and method

Regulatory Access

Axra provides records to regulators and law enforcement:

Promptly: Within timeframes specified by regulator (typically 5-10 business days, or shorter for urgent matters)
Completely: All records responsive to the request
Organized: In a format that facilitates review
Securely: Via secure transmission methods or secure access portal

Third-Party Recordkeeping

When Axra relies on third parties (Bridge.xyz, Persona, etc.) for certain AML/CFT functions:

Written agreements require third parties to maintain records for required retention period
Axra maintains right to access third-party records
Axra retains ultimate responsibility for recordkeeping compliance
Periodic verification that third parties maintain required records

12. Prohibited Jurisdictions

Axra does not provide services to customers located in, or facilitate transactions involving, jurisdictions that present unacceptable money laundering, terrorist financing, sanctions, or other compliance risks.

Prohibited Countries (Comprehensive Restrictions)

Axra prohibits account opening and all transactions involving the following jurisdictions:

Sanctioned Jurisdictions

Comprehensive U.S. Sanctions Programs (OFAC):

Afghanistan (Taliban-controlled areas)
Belarus
Burundi
Central African Republic
Cuba
Democratic People's Republic of Korea (North Korea)
Eritrea
Iran
Lebanon (certain sanctioned entities)
Libya
Mali
Myanmar (Burma) - certain entities and sectors
Nicaragua
Russia (comprehensive sanctions)
Somalia
South Sudan
Sudan (Darfur region)
Syria
Ukraine (Crimea, Donetsk, and Luhansk regions)
Venezuela (Maduro regime)
Yemen (certain entities)
Zimbabwe (certain entities and individuals)

High-Risk and Non-Cooperative Jurisdictions

FATF High-Risk Jurisdictions (Call for Action):

Democratic People's Republic of Korea (North Korea)
Iran
Myanmar

FATF Jurisdictions Under Increased Monitoring (Grey List): (As of February 2026 - subject to updates)

Albania
Barbados
Burkina Faso
Cambodia
Cayman Islands
Democratic Republic of the Congo
Gibraltar
Haiti
Jamaica
Jordan
Mali
Mozambique
Panama
Philippines
Senegal
South Africa
South Sudan
Syria
Tanzania
Turkey (Türkiye)
Uganda
United Arab Emirates (enhanced monitoring)
Vietnam
Yemen

State Sponsors of Terrorism

U.S. State Sponsors of Terrorism:

Cuba
Democratic People's Republic of Korea (North Korea)
Iran
Syria

Other Prohibited Jurisdictions

Somalia (weak governance, terrorism risks)
Iraq (certain regions - ongoing conflict zones)

Controlled Jurisdictions (Enhanced Due Diligence Required)

Transactions involving the following jurisdictions are permitted only with Enhanced Due Diligence, Compliance Officer approval, and continuous monitoring:

Enhanced Monitoring Jurisdictions

China (People's Republic) - capital controls, monitoring concerns
Hong Kong - increased controls following national security law
Pakistan - terrorism financing risks, weak AML enforcement
Egypt - political instability, weak institutions
Lebanon - economic crisis, Hezbollah concerns
Morocco - human trafficking, corruption risks
Tunisia - political instability, terrorism concerns
Bangladesh - weak AML controls, corruption
Indonesia - terrorism financing risks
Malaysia - money laundering concerns
Thailand - human trafficking, weak enforcement
Argentina - capital controls, economic instability
Brazil - corruption, organized crime
Bolivia - drug trafficking, weak institutions
Colombia - drug trafficking, despite improvements
Ecuador - money laundering hub, weak controls
Peru - drug trafficking, corruption
Paraguay - smuggling, weak institutions
Ukraine (government-controlled areas) - conflict zone, corruption

EDD Requirements for Controlled Jurisdictions:

Enhanced identity verification
Source of funds documentation
Purpose of transaction documentation
Beneficial ownership verification
Compliance Officer approval for transactions >$5,000 USD
Continuous transaction monitoring

Restricted Jurisdictions (Additional Controls)

Transactions involving the following jurisdictions require additional documentation and monitoring:

Medium-Risk Jurisdictions

Nigeria - fraud risks, weak AML enforcement, but significant legitimate economy
Kenya - money laundering concerns, terrorism financing risks
Ghana - emerging AML framework, fraud risks
Ethiopia - weak institutions, conflict concerns
Tanzania - grey list jurisdiction, weak controls
Uganda - corruption, weak enforcement
Mozambique - terrorism, weak institutions
Cameroon - corruption, weak controls

Additional Controls for Restricted Jurisdictions:

Purpose of transaction required
Beneficiary verification
Transaction pattern monitoring
Periodic account reviews

Not High Risk (Standard Controls)

The following jurisdictions are subject to standard AML/CFT controls with no enhanced restrictions:

Low-Risk Jurisdictions

North America:

United States
Canada

Western Europe:

European Union member states (excluding grey list countries)
United Kingdom
Switzerland
Norway
Iceland

Asia-Pacific:

Australia
New Zealand
Japan
South Korea
Singapore

Other:

Israel
Chile
Costa Rica
Uruguay

Standard Controls for Low-Risk Jurisdictions:

Standard KYC/CDD procedures
Regular transaction monitoring
Routine sanctions screening
Risk-based account reviews

Dynamic Risk Assessment

Axra continuously monitors global developments affecting jurisdiction risk:

FATF Updates: Quarterly review of FATF high-risk and grey list changes
Sanctions Developments: Real-time monitoring of new sanctions designations
Regulatory Guidance: Review of FinCEN, FINTRAC, and other regulatory advisories
Geopolitical Events: Assessment of conflicts, regime changes, and instability
Emerging Threats: Monitoring of terrorism, trafficking, and transnational crime trends

Jurisdiction Classification Updates

This jurisdiction classification is reviewed and updated:

Quarterly: Scheduled review of all jurisdiction risk ratings
Ad Hoc: Upon FATF list updates, new sanctions, or significant events
Annual: Comprehensive review as part of enterprise risk assessment

Communication of Updates:

Policy updates distributed to all staff
Transaction monitoring rules updated
Customer communication (if services are discontinued in jurisdiction)

Customer Impact

Customers in Prohibited Jurisdictions:

Cannot open new accounts
Existing accounts (if any) will be closed in orderly manner
Funds returned in compliance with sanctions regulations (if applicable)

Customers Transacting with Prohibited Jurisdictions:

Transactions blocked automatically
Customer notified of restrictions
Compliance alert generated for review

Customers in Controlled/Restricted Jurisdictions:

Enhanced due diligence required for onboarding or transactions
Transaction limits may be imposed
More frequent account reviews

Sanctions Compliance

All jurisdiction restrictions are implemented in coordination with sanctions screening to ensure:

Compliance with OFAC, UN, EU, HMT, and other sanctions programs
Blocking of prohibited transactions
Asset freezing when required
Timely regulatory reporting

13. Employee Training

Axra provides comprehensive AML/CFT training to all employees, agents, contractors, and authorized representatives to ensure awareness of money laundering and terrorist financing risks, regulatory requirements, and internal policies and procedures.

Training Requirements

Initial Training

New Hire Training:

Provided to all employees within 30 days of hire
Covers fundamental AML/CFT concepts and Axra's program
Role-specific training based on responsibilities
Assessment to verify understanding
Documentation of completion

Content:

Overview of money laundering and terrorist financing
Regulatory framework (BSA, PCMLTFA, FinCEN, FINTRAC)
Axra's AML/CFT policy and procedures
Customer due diligence and identity verification
Transaction monitoring and suspicious activity detection
Red flags and warning signs
Reporting obligations and procedures
Sanctions screening requirements
Record keeping requirements
Confidentiality and non-disclosure obligations

Annual Refresher Training

All Employees:

Comprehensive refresher training provided annually
Updates on regulatory changes and emerging risks
Review of recent case studies and typologies
Assessment to verify continued understanding
Documentation of completion

Content Updates:

New regulations, guidance, or enforcement actions
Changes to Axra's policies and procedures
Emerging money laundering and terrorist financing trends
Recent Axra incidents or lessons learned (anonymized)
Industry best practices and regulatory expectations

Role-Specific Training

Compliance Team:

Advanced AML/CFT training covering complex topics
Transaction monitoring and alert investigation techniques
SAR/STR preparation and filing procedures
Enhanced due diligence methodologies
Sanctions compliance and OFAC regulations
Regulatory examination preparation
Industry conferences and professional development

Customer Service and Operations:

Customer onboarding and KYC procedures
Identity verification requirements
Escalation procedures for suspicious activity
Handling of customer inquiries related to AML/CFT
Transaction processing controls

Engineering and Product Teams:

AML/CFT technology requirements and system controls
Data security and privacy considerations
Transaction monitoring rule configuration
Sanctions screening API integration
Audit trail and logging requirements

Senior Management:

Enterprise risk management perspectives
Regulatory expectations for Board and senior management
Compliance program effectiveness assessment
Strategic AML/CFT initiatives
Regulatory examination and enforcement trends

Specialized Training

Topics Covered as Needed:

Fraud detection and prevention
Cryptocurrency and blockchain AML considerations
Trade-based money laundering
Human trafficking and smuggling indicators
Politically exposed persons (PEPs) identification
Beneficial ownership verification techniques
Complex corporate structures analysis
Sanctions evasion techniques
Terrorism financing typologies

Training Methodology

Delivery Methods:

Online learning management system (LMS) modules
Live instructor-led sessions (virtual or in-person)
Workshops and case study exercises
Webinars on emerging topics
Self-study materials and reference guides

Assessment and Certification:

Knowledge assessment quizzes or exams
Minimum passing score required (typically 80%)
Remedial training for employees not meeting standard
Certificate of completion upon successful assessment
Annual recertification requirement

Training Content Development

Training materials are:

Current: Updated regularly to reflect regulatory changes and emerging risks
Relevant: Tailored to Axra's business model and risk profile
Practical: Include real-world examples and case studies
Engaging: Use multimedia, interactive elements, and scenarios
Accessible: Available to all employees through learning management system

Training Record Keeping

Axra maintains comprehensive training records including:

Employee name and position
Date of training completion
Training topic and materials provided
Assessment scores and certification
Training provider (internal or external)
Acknowledgment of understanding

Retention Period: 7 years after employment termination

Accountability

Employee Responsibility: All employees are required to complete training on time
Manager Responsibility: Managers ensure team members complete required training
Compliance Oversight: Compliance Officer monitors training completion rates
Consequences: Failure to complete training may result in disciplinary action, up to and including termination

New Product or Service Training

When Axra introduces new products, services, or markets:

Training materials updated to address new risks and controls
Supplemental training provided to affected employees
Assessment of training effectiveness before product launch
Ongoing training as product evolves

Training Effectiveness Assessment

Axra assesses training effectiveness through:

Knowledge Assessments: Test scores and pass rates
Feedback Surveys: Employee feedback on training quality and relevance
Performance Metrics: Quality of alert investigations, SAR narratives, CDD documentation
Audit Findings: Independent testing of employee knowledge and compliance
Regulatory Feedback: Examiner comments on training program adequacy

Continuous Improvement

Based on effectiveness assessments, Axra:

Updates training content and delivery methods
Addresses knowledge gaps identified through testing or audits
Incorporates regulatory feedback and industry best practices
Enhances training for areas with higher error rates or compliance issues

Third-Party Training

Axra employees may attend external training programs including:

ACAMS (Association of Certified Anti-Money Laundering Specialists) certification courses
FinCEN and FINTRAC webinars and guidance
Industry conferences and seminars
Legal and regulatory updates from law firms or consultants
Professional development courses

Training Budget

Axra allocates sufficient budget for:

Learning management system and training platform
Content development and updates
External training programs and certifications
Industry conferences and events
Subject matter expert instructors

14. Independent Audit & Testing

Axra conducts regular independent testing and auditing of its AML/CFT compliance program to assess effectiveness, identify deficiencies, and ensure ongoing compliance with regulatory requirements.

Independent Testing Requirement

Regulatory Requirement:

FinCEN regulations (31 CFR 1022.210) require MSBs to provide for independent testing of AML compliance
FINTRAC expects MSBs to have mechanisms to test compliance program effectiveness
Testing must be conducted by independent personnel or external auditors

Axra's Commitment:

Annual independent testing of AML/CFT program at minimum
More frequent testing for high-risk areas or following significant changes
Testing conducted by qualified internal audit function or external audit firm
Independence from AML compliance function

Scope of Independent Testing

Independent testing covers all elements of Axra's AML/CFT program:

Policy and Procedures Review

Assessment of AML/CFT policy comprehensiveness and currency
Review of procedures for clarity, completeness, and consistency with policy
Evaluation of procedures against regulatory requirements and industry standards
Identification of gaps or deficiencies

Risk Assessment

Review of enterprise AML/CFT risk assessment methodology
Assessment of risk assessment comprehensiveness (customer, product, geographic, channel risks)
Evaluation of risk rating accuracy and appropriateness
Testing of risk-based approach application

Customer Due Diligence (CDD)

Sample testing of customer onboarding and identity verification
Assessment of KYC documentation completeness and quality
Testing of tier classification accuracy
Review of enhanced due diligence for high-risk customers
Evaluation of beneficial ownership verification (for entities)
Testing of customer information currency and update procedures

Sanctions Screening

Testing of sanctions screening at onboarding, beneficiary creation, and transaction
Assessment of screening list comprehensiveness (75+ lists)
Evaluation of match scoring methodology and thresholds
Testing of alert investigation and disposition procedures
Review of false positive determinations
Assessment of OFAC 50% Rule application

Transaction Monitoring

Testing of transaction monitoring rules and scenarios
Assessment of alert generation appropriateness and completeness
Evaluation of alert investigation quality and documentation
Testing of alert disposition decisions (close, escalate, SAR)
Review of monitoring system tuning and false positive rates
Assessment of lookback adequacy when rules are adjusted

Suspicious Activity Reporting

Review of SAR/STR decision-making process
Assessment of SAR narrative quality and completeness
Testing of filing timeliness (30-day requirement)
Evaluation of SAR supporting documentation
Testing of continuing activity SAR procedures
Review of SAR confidentiality controls

Record Keeping

Testing of record retention compliance (7-year requirement)
Assessment of record completeness and accessibility
Review of document management system controls
Testing of record destruction procedures
Evaluation of regulatory request response capabilities

Training

Review of training program comprehensiveness and currency
Assessment of training completion rates and timeliness
Testing of employee knowledge through interviews or assessments
Evaluation of training effectiveness measures
Review of role-specific training adequacy

Information Systems

Assessment of AML/CFT system functionality and performance
Testing of system controls and security
Review of system change management procedures
Evaluation of data integrity and audit trail completeness
Testing of system disaster recovery and business continuity

Governance and Management Oversight

Review of Compliance Officer authority and independence
Assessment of management and Board reporting
Evaluation of compliance program resources and staffing
Review of senior management engagement and accountability

Testing Methodology

Independent testing employs various methodologies:

Sample Testing: Statistical sampling of customers, transactions, and alerts
File Reviews: Detailed review of CDD files, investigations, and SARs
System Testing: Review of system configurations, rules, and thresholds
Interviews: Discussions with compliance, operations, and management personnel
Benchmarking: Comparison to industry standards and regulatory expectations
Process Walkthroughs: Step-by-step review of key processes
Data Analytics: Analysis of transaction data, alert data, and program metrics

Testing Frequency

Annual Comprehensive Testing:

Full scope testing of all AML/CFT program elements
Conducted by independent internal audit or external auditor
Report issued to senior management and Board

Periodic Focused Testing:

Quarterly or semi-annual testing of high-risk areas
Targeted testing following significant changes (new products, system implementations)
Follow-up testing of prior audit findings

Continuous Monitoring:

Ongoing quality assurance reviews by Compliance Officer
Real-time system monitoring and performance metrics
Management information reporting and dashboard reviews

Independence Requirements

To ensure independence and objectivity:

Internal Audit:

Reports to Board Audit Committee or CEO (not Compliance Officer)
No operational responsibilities for AML/CFT compliance function
Free from conflicts of interest

External Auditor:

Independent audit firm with AML/CFT expertise
No consulting or advisory relationship with Axra that would impair independence
Rotation of engagement partners as appropriate

Audit Findings and Remediation

Finding Classification:

Critical: Significant deficiency presenting substantial compliance risk (immediate action required)
High: Material deficiency requiring prompt remediation
Medium: Moderate deficiency to be addressed within reasonable timeframe
Low: Minor observation or best practice recommendation

Remediation Process:

Management Response: Written response to each finding with remediation plan and timeline
Responsibility Assignment: Designation of responsible party for each remediation action
Tracking: Monitoring of remediation action status by Compliance Officer
Validation: Testing of remediation effectiveness by auditor
Escalation: Critical and High findings reported to senior management and Board
Follow-Up: Follow-up audit or testing to verify remediation completion

Remediation Timeframes:

Critical findings: Immediate action (within 30 days)
High findings: 60 days
Medium findings: 90 days
Low findings: Next audit cycle or 180 days

Reporting

Audit Report Content:

Executive summary of scope, approach, and key findings
Detailed findings with risk ratings and recommendations
Assessment of overall program effectiveness
Comparison to prior audit and status of previous findings
Management responses and remediation plans

Distribution:

Compliance Officer
Chief Legal Officer
Chief Executive Officer
Board of Directors (or Audit Committee)
Regulatory authorities (upon request)

Board Reporting:

Annual presentation of audit results to Board
Discussion of significant findings and remediation actions
Assessment of compliance program adequacy and effectiveness
Discussion of resources, staffing, and strategic initiatives

Regulatory Expectations

Axra's independent testing program is designed to meet regulatory expectations including:

FinCEN Guidance: Compliance with FinCEN expectations for MSB independent testing
FINTRAC Guidance: Alignment with FINTRAC compliance program requirements
FFIEC BSA/AML Examination Manual: Consideration of examination procedures and expectations
Industry Standards: Adherence to industry best practices and standards (e.g., Wolfsberg Group, FATF)

Program Improvements

Audit findings drive continuous improvement:

Policy Updates: Revisions to AML/CFT policy and procedures based on findings
System Enhancements: Technology improvements to address deficiencies
Training Enhancements: Additional or revised training to address knowledge gaps
Process Improvements: Streamlining or strengthening of compliance processes
Resource Allocation: Staffing or budget adjustments to address capacity issues

15. Regulatory Cooperation

Axra is committed to full cooperation with law enforcement agencies, financial regulators, and other authorities in their efforts to combat money laundering, terrorist financing, and other financial crimes.

Regulatory Authorities

Axra cooperates with:

United States

Financial Crimes Enforcement Network (FinCEN) - Primary AML regulator
Office of Foreign Assets Control (OFAC) - Sanctions enforcement
Federal Bureau of Investigation (FBI) - Criminal investigations
Department of Homeland Security (DHS) - Terrorism and border security
Internal Revenue Service (IRS) - Tax crimes and money laundering
Drug Enforcement Administration (DEA) - Drug trafficking investigations
U.S. Secret Service - Financial crimes investigations
State regulators - State money transmitter licensing authorities

Canada

Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) - AML/CFT regulator
Royal Canadian Mounted Police (RCMP) - Federal policing and investigations
Canada Border Services Agency (CBSA) - Border enforcement
Canadian Security Intelligence Service (CSIS) - National security
Bank of Canada - Retail payments oversight (RPAA)
Provincial regulators - Provincial money services licensing authorities

Other Jurisdictions

Nigerian Financial Intelligence Unit (NFIU) - Nigerian AML/CFT
Central Bank of Nigeria - Financial regulation
National Bank of Rwanda - Rwandan financial regulation
Financial Investigation Unit Rwanda - Rwandan FIU
International organizations - Interpol, Egmont Group, FATF

Forms of Cooperation

Information Requests

Subpoenas and Legal Process:

Prompt response to subpoenas, court orders, and legal process
Verification of legal process authenticity
Production of records within specified timeframes
Legal counsel review for privilege or legal issues
Documentation of response and records provided

Regulatory Inquiries:

Timely response to FinCEN, FINTRAC, and other regulator requests
Provision of customer records, transaction data, and compliance documentation
Cooperation with regulatory examinations and investigations
Transparent communication regarding compliance issues

Law Enforcement Requests:

24/7 emergency contact procedures for urgent requests
Prompt response to law enforcement inquiries
Provision of transactional data, account information, and evidence
Coordination with legal counsel on sensitive matters
Secure transmission of information

Regulatory Examinations

FinCEN and FINTRAC Examinations:

Advance preparation and document gathering
Onsite or virtual examination support
Access to personnel, systems, and records
Transparent discussion of compliance program
Prompt response to examination findings and recommendations

Examination Cooperation:

Designated contact person for examiners
Conference room and technology access (for onsite exams)
Timely response to document requests and questions
Exit interview participation
Remediation action plans for identified deficiencies

Suspicious Activity Reporting

SAR/STR Filing:

Timely filing of Suspicious Activity Reports with FinCEN (U.S.)
Timely filing of Suspicious Transaction Reports with FINTRAC (Canada)
Complete and detailed narrative descriptions
Supporting documentation and evidence
Follow-up information if requested by authorities

Law Enforcement Follow-Up:

Response to law enforcement inquiries regarding filed SARs
Provision of additional information or evidence as requested
Testimony or witness cooperation if needed
Ongoing monitoring and supplemental reporting

Sanctions Compliance

OFAC Reporting:

Immediate blocking of transactions involving sanctioned parties
Filing of blocked property reports with OFAC within 10 business days
Annual reports of blocked property (if applicable)
Voluntary self-disclosure of sanctions violations
Cooperation with OFAC investigations and licensing requests

Asset Freezing:

Immediate account freezing upon sanctions match
No disbursement without OFAC authorization
Maintenance of blocked assets in interest-bearing accounts
Periodic reporting and account statements to OFAC

Investigations Support

Evidence Preservation:

Preservation of records and data for ongoing investigations
Legal holds to prevent record destruction
Forensic data collection and analysis support
Chain of custody documentation

Witness Cooperation:

Employee interviews and testimony
Deposition and trial testimony
Expert witness assistance from Compliance Officer
Document authentication and foundation testimony

Information Sharing

314(a) Information Requests (U.S.):

Response to FinCEN 314(a) information requests within 14 days
Search of customer and transaction databases for named subjects
Reporting of positive matches to FinCEN
Confidentiality of 314(a) requests and responses

314(b) Information Sharing (U.S.):

Voluntary information sharing with other financial institutions
Sharing of information regarding suspected money laundering or terrorism
Executed 314(b) agreements with information sharing partners
Appropriate use and confidentiality of shared information

Cross-Border Cooperation:

Response to foreign law enforcement requests (via proper legal channels)
Mutual legal assistance treaty (MLAT) cooperation
International organization cooperation (Interpol, Egmont Group)

Confidentiality and Legal Protections

Legal Protections for Reporting:

Safe harbor protections for SAR/STR filing (31 U.S.C. § 5318(g)(3))
Immunity from liability for disclosure to authorities
Prohibition on customer notification of SAR filing
Confidentiality of SAR information

Information Security:

Secure transmission methods for sensitive information
Encryption and access controls
Verification of recipient identity before information release
Audit trail of information disclosures

Legal Review:

Legal counsel consultation for complex or sensitive requests
Review for privilege, privacy, or legal compliance issues
Coordination with law enforcement on legal concerns
Documentation of legal analysis and decisions

Non-Compliance and Enforcement

Axra takes regulatory enforcement seriously and will:

Voluntary Self-Disclosure: Proactively disclose material compliance violations to regulators
Cooperation: Fully cooperate with regulatory investigations and enforcement actions
Remediation: Promptly remediate identified deficiencies and implement corrective actions
Accountability: Hold responsible personnel accountable for compliance failures
Transparency: Provide complete and accurate information to regulators

Regulatory Reporting

Routine Reporting:

MSB registration renewals with FinCEN (every 2 years) and FINTRAC (as required)
Bank of Canada RPAA reporting (when registration complete)
State and provincial licensing reporting requirements
CTR/SAR/STR statistical reporting

Material Change Reporting:

Changes to business model, products, or services
Changes to ownership or control
Changes to AML Compliance Officer
Material compliance incidents or breaches

Incident Reporting:

Cybersecurity incidents affecting customer information
Data breaches involving AML/CFT data
Significant fraud or financial crime incidents
Suspicious activity involving employees

Point of Contact

Primary Regulatory Contact: AML/CFT Compliance Officer Email: compliance@useaxra.com Phone: [Compliance Hotline] Address: [Corporate Address]

Legal Contact: Chief Legal Officer Email: legal@useaxra.com Phone: [Legal Department Phone]

24/7 Emergency Contact: [Emergency Contact Information for Urgent Law Enforcement Matters]

16. Technology & Systems

Axra leverages advanced technology and systems to support and enhance its AML/CFT compliance program, enabling effective monitoring, screening, and risk management at scale.

AML/CFT Technology Stack

Customer Onboarding and KYC

Identity Verification Partners:

Bridge.xyz: Primary KYC/identity verification provider for STANDARD and ENHANCED tiers
Persona: Alternative identity verification provider
Capabilities:
- Government ID verification (authenticity, validity, tampering detection)
- Biometric matching (selfie to ID photo)
- Liveness detection (anti-spoofing)
- Identity document data extraction
- Database verification (government records, credit bureaus)

Customer Data Management:

Secure customer database with encrypted storage
AES-256-GCM field encryption via CryptoService for sensitive data (enc: prefix)
Customer tiering system (NONE, BASIC, STANDARD, ENHANCED)
Beneficial ownership tracking for entity accounts
Customer risk rating system

Sanctions Screening

Dilisense API Integration:

Real-time sanctions screening via Dilisense API
Comprehensive coverage: 75+ global sanctions and enforcement lists
Lists Screened:
- OFAC (SDN, Consolidated, SSI, FSE, PLC)
- UN Security Council (Consolidated, Al-Qaida, ISIL/Da'esh)
- EU Consolidated Financial Sanctions
- HM Treasury (UK) Financial Sanctions
- World Bank Ineligible Firms
- Interpol Most Wanted
- PEP databases
- Adverse media and enforcement lists

Screening Points:

Customer registration (onboarding)
Beneficiary creation (new transfer recipients)
Transaction initiation (real-time)
Periodic re-screening (quarterly batch)
Watchlist update triggers

Screening Methodology:

Fuzzy matching algorithms for name variations
Weighted scoring based on match confidence
Configurable match thresholds by risk level
False positive whitelisting
Manual review workflow for potential matches

Transaction Monitoring

Monitoring Capabilities:

Real-time transaction analysis at initiation
Batch daily monitoring of all account activity
Pattern detection and anomaly identification
Risk scoring and alert prioritization

Monitoring Rules and Scenarios:

Velocity Monitoring:
- Daily transaction count thresholds
- Daily aggregate amount thresholds
- Rapid-fire transaction detection (<5 minutes between transactions)
- Comparison to customer baseline patterns
Cumulative Volume Monitoring:
- 30-day rolling transaction totals
- Comparison to tier limits and historical averages
- Month-over-month growth rate alerts
- Deviation from expected activity (>200% increase)
Structuring Detection:
- Multiple transactions just below $10,000 USD (CTR threshold)
- Pattern of consistent amounts to avoid reporting
- Aggregation to same beneficiary across multiple transactions
- Timing patterns suggesting coordination
Rapid Fund Movement:
- Time between deposit and withdrawal (<24 hours)
- Pass-through account behavior (funds in/out with minimal retention)
- Circular transaction patterns
- Funds received and immediately transferred
High-Risk Jurisdiction Monitoring:
- Transactions to/from Prohibited countries (blocked)
- Transactions to/from Controlled countries (enhanced review)
- Transactions to/from Restricted countries (documentation required)
- Unusual routing through multiple high-risk jurisdictions
Round Amount Alerts:
- Transactions in exact round amounts (e.g., $10,000.00)
- Patterns of round amounts across multiple transactions
- Inconsistency with customer type or business
Customer Profile Deviation:
- Transactions inconsistent with stated purpose or business
- Sudden changes in transaction patterns
- Transaction types inconsistent with customer profile
- Source/destination inconsistent with customer
Large Transaction Alerts:
- Transactions ≥ $10,000 USD
- Transactions ≥ $25,000 USD (Compliance Officer review)
- Transactions ≥ $50,000 USD (enhanced due diligence)

Alert Management:

Alert queue and case management system
Risk-based prioritization
Investigation workflow and documentation
Disposition tracking (closed, escalated, SAR)
Audit trail of all investigations and decisions

Audit Trail and Logging

Comprehensive Logging via RequestContextInterceptor:

IP address and geolocation capture
User agent and device information
Session ID and authentication context
Transaction details and amounts
Sanctions screening results
AML monitoring flags and alerts
System access and modifications
Timestamp and user identification

Storage and Retention:

Secure log storage with access controls
Immutable audit trail (no modification after creation)
7-year retention period
Efficient search and retrieval capabilities
Integration with compliance case management

Data Security and Encryption

CryptoService (AES-256-GCM):

Field-level encryption for sensitive customer data
Encrypted fields marked with "enc:" prefix
Secure key management and rotation
Encryption at rest and in transit

Additional Security Controls:

Role-based access controls (RBAC)
Multi-factor authentication for system access
Network segmentation and firewalls
Intrusion detection and prevention systems
Regular security assessments and penetration testing

Redis and Session Management

RedisService with Circuit Breaker:

Global Redis module for distributed caching
Circuit breaker pattern for resilience
Session management and authentication
Token storage with reverse-lookup pattern (key:{token} → userId)
Distributed locking for transaction safety

Use Cases:

Transfer confirmation codes (15-minute TTL)
Rate limiting and velocity controls
Real-time alert queuing
Performance optimization

Reporting and Analytics

Management Information Dashboards:

Customer onboarding metrics (by tier, by country)
Transaction volume and value trends
Alert generation and disposition statistics
SAR/STR filing counts and trends
False positive rates and system performance
Customer risk distribution
High-risk jurisdiction activity

Regulatory Reporting:

SAR/STR preparation and filing
CTR preparation (if applicable in future)
FinCEN and FINTRAC electronic filing
Sanctions blocking reports
Automated report generation and submission

Data Analytics:

Trend analysis and anomaly detection
Customer segmentation and risk profiling
Transaction pattern analysis
Effectiveness metrics (detection rates, false positives)
Benchmarking against industry standards

System Performance and Reliability

Availability:

99.9% uptime target for AML/CFT systems
Redundancy and failover capabilities
Disaster recovery and business continuity plans
Regular backup and restoration testing

Performance:

Real-time screening (<2 seconds per transaction)
Daily batch monitoring completion within processing window
Alert investigation tools with fast query response
Scalability to handle transaction volume growth

Monitoring:

System health monitoring and alerting
Performance metrics and dashboards
Error logging and exception handling
Capacity planning and optimization

System Change Management

Change Control:

Formal change request and approval process
Testing in development and staging environments
User acceptance testing (UAT) for major changes
Documentation of changes and rationale
Rollback procedures for failed deployments

AML Impact Assessment:

Evaluation of AML/CFT impact for system changes
Compliance Officer review of monitoring rule changes
Lookback analysis when rules are modified
Training for staff on system changes

Third-Party Technology Vendors

Vendor Management:

Due diligence on AML/CFT technology vendors
Contractual requirements for security, availability, and compliance
Service level agreements (SLAs) and performance monitoring
Regular vendor reviews and assessments
Business continuity and disaster recovery requirements

Key Vendors:

Bridge.xyz (KYC/identity verification)
Persona (identity verification)
Dilisense (sanctions screening)
[Database provider]
[Cloud infrastructure provider]

Technology Roadmap

Continuous Improvement:

Regular assessment of AML/CFT technology needs
Evaluation of emerging technologies (AI/ML for monitoring)
System enhancements based on audit findings and regulatory feedback
Investment in automation and efficiency
Adoption of industry best practices and standards

Future Enhancements:

Machine learning for improved transaction monitoring
Network analysis for complex relationship detection
Natural language processing for SAR narrative quality
Enhanced data visualization and analytics
API integrations with additional data sources

17. Policy Review & Updates

This Anti-Money Laundering and Counter-Financing of Terrorism Policy is a living document that is regularly reviewed and updated to ensure continued effectiveness and compliance with evolving regulatory requirements, emerging risks, and industry best practices.

Review Frequency

Annual Comprehensive Review

Timing: At least annually, or more frequently as needed

Scope:

Complete review of all policy sections and procedures
Assessment of policy effectiveness and relevance
Evaluation against current regulatory requirements and guidance
Comparison to industry best practices and standards
Incorporation of audit findings and regulatory feedback
Review of significant compliance incidents or issues

Responsibility: AML/CFT Compliance Officer, with input from Legal, Operations, and senior management

Approval: Senior management and Board of Directors

Event-Driven Reviews

Policy review is triggered by:

Regulatory Changes: New laws, regulations, or regulatory guidance affecting AML/CFT requirements
Business Changes: New products, services, markets, or customer segments
Risk Assessment Updates: Changes in enterprise risk assessment or risk profile
Audit Findings: Significant independent audit findings requiring policy changes
Regulatory Feedback: Examination findings or regulatory recommendations
Significant Incidents: Material compliance failures, breaches, or enforcement actions
Technology Changes: Implementation of new AML/CFT systems or capabilities
Industry Developments: Emerging money laundering or terrorist financing typologies and trends

Continuous Monitoring

Ongoing Activities:

Monitoring of regulatory developments (FinCEN, FINTRAC, FATF, etc.)
Review of regulatory advisories, guidance, and enforcement actions
Participation in industry forums and working groups
Tracking of emerging risks and typologies
Assessment of policy effectiveness through metrics and KPIs

Update Process

Identification of Need for Update:
- Compliance Officer identifies need based on review or triggering event
- Scope of required changes determined
- Priority and timeline established
Drafting of Updates:
- Compliance Officer drafts policy revisions
- Legal counsel review for legal and regulatory compliance
- Consultation with affected departments (Operations, Product, Engineering)
- Consideration of implementation requirements and impacts
Internal Review and Comment:
- Distribution of draft to senior management for review
- Comment period for feedback and suggestions
- Revision based on feedback
Approval:
- Senior management review and approval
- Board of Directors approval (for material changes)
- Documentation of approval date and approvers
Implementation:
- Communication of policy changes to all employees
- Training on updated policy and procedures
- System and process updates to reflect policy changes
- Documentation updates (procedures, training materials, forms)
Effectiveness Monitoring:
- Monitoring of policy implementation and compliance
- Assessment of policy effectiveness
- Collection of feedback from staff and stakeholders
- Adjustments as needed

Version Control

Policy Versioning:

Each policy update receives a new version number
Version history maintained with summary of changes
Effective date clearly indicated
Superseded versions retained for record-keeping purposes

Current Version:

Version: 1.0
Effective Date: February 2026
Last Reviewed: February 16, 2026
Next Scheduled Review: February 2027 (or sooner if needed)

Communication of Updates

Policy updates are communicated through:

All-Staff Email: Notification of policy update with summary of key changes
Training: Supplemental training on material policy changes
Policy Portal: Updated policy posted on internal compliance portal
Management Briefing: Presentation to senior management on significant changes
Board Reporting: Reporting to Board on material policy updates

Regulatory Notification

Material Changes Requiring Regulatory Notification:

Changes to MSB registration information (ownership, control, AML Compliance Officer)
Significant changes to business model or services
Material changes to AML/CFT program structure or approach

Notification Process:

Update of FinCEN MSB registration (as applicable)
Notification to FINTRAC (as required)
Notification to state and provincial regulators (as required)
Documentation of regulatory notifications

Availability

This AML/CFT Policy is:

Accessible: Available to all employees via internal compliance portal
Searchable: Organized with clear headings and table of contents
Downloadable: Available in PDF format for offline reference
Secure: Access controls to prevent unauthorized modification

External Availability:

Policy overview available to regulators upon request
Policy elements communicated to customers as appropriate (e.g., prohibited jurisdictions)
Compliance commitments included in customer terms of service

Related Policies and Procedures

This AML/CFT Policy is supported by detailed procedures and related policies:

Customer Due Diligence Procedures
Sanctions Screening Procedures
Transaction Monitoring Procedures
Suspicious Activity Investigation and SAR/STR Filing Procedures
Enhanced Due Diligence Procedures
Record Retention Policy
Information Security and Privacy Policy
Incident Response and Breach Notification Policy
Third-Party Vendor Management Policy

Document Hierarchy:

AML/CFT Policy (this document) - Overarching framework and requirements
Detailed Procedures - Step-by-step implementation guidance
Work Instructions - Specific task instructions and system guides
Forms and Templates - Standardized documentation and reporting tools

Feedback and Questions

Employees with questions, feedback, or suggestions regarding this policy should contact:

AML/CFT Compliance Officer Email: compliance@useaxra.com Phone: [Compliance Hotline]

18. Contact Information

AML/CFT Compliance Officer

Primary Contact for All AML/CFT Matters:

AML/CFT Compliance Officer GoFree Global Inc (Axra) [Corporate Address] Email: compliance@useaxra.com Phone: [Compliance Hotline]

Responsibilities:

Oversight of AML/CFT compliance program
Customer due diligence and sanctions screening
Transaction monitoring and suspicious activity investigations
SAR/STR filing and regulatory reporting
Training and awareness programs
Regulatory examinations and inquiries
Policy and procedure development and updates

Legal Department

Legal and Regulatory Matters:

Chief Legal Officer GoFree Global Inc (Axra) [Corporate Address] Email: legal@useaxra.com Phone: [Legal Department Phone]

Responsibilities:

Legal interpretation of AML/CFT laws and regulations
Regulatory engagement and correspondence
Subpoenas and legal process response
Enforcement action defense
Policy legal review

Senior Management

Executive Oversight:

Chief Executive Officer GoFree Global Inc (Axra) [Corporate Address] Email: [CEO Email] Phone: [CEO Phone]

Responsibilities:

Executive accountability for AML/CFT program
Strategic direction and resource allocation
Regulatory relationship management
Board reporting

Regulatory Authorities

United States

Financial Crimes Enforcement Network (FinCEN) U.S. Department of the Treasury P.O. Box 39 Vienna, VA 22183 Website: www.fincen.gov BSA E-Filing System: bsaefiling.fincen.treas.gov

Axra Registration:

MSB Registration Number: 20222296774
License Number: 31000281485025

Office of Foreign Assets Control (OFAC) U.S. Department of the Treasury 1500 Pennsylvania Avenue, NW Washington, DC 20220 Hotline: 1-800-540-6322 Website: www.treasury.gov/ofac

Canada

Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) 234 Laurier Avenue West, 24th Floor Ottawa, ON K1P 1H7 Reporting: fintrac-canafe.gc.ca Phone: 1-866-346-8722

Axra Registration:

FINTRAC Registration Number: 1001010436
License Number: C100000512

Bank of Canada 234 Wellington Street Ottawa, ON K1A 0G9 Website: www.bankofcanada.ca (RPAA registration in progress)

Corporate Entities

GoFree Global Inc (Parent Entity) Delaware, USA [Corporate Address] [Phone] Website: www.useaxra.com

GoFree Global Technology Limited Canada [Canadian Address] [Phone]

GoFree Global - Nigeria Nigeria [Nigeria Address] [Phone]

GoFree Global - Rwanda Rwanda [Rwanda Address] [Phone]

Customer Support

General Customer Inquiries:

Customer Support Team Email: support@useaxra.com Phone: [Customer Support Hotline] Hours: [Support Hours]

Note: For AML/CFT compliance matters, customer service will escalate to the Compliance Officer.

Whistleblower and Confidential Reporting

Confidential Compliance Concerns:

Compliance Hotline: [Confidential Hotline] Email: compliance@useaxra.com Anonymous Reporting Portal: [URL if available]

Protection:

Confidential and anonymous reporting available
No retaliation for good faith reports
Investigation of all reported concerns

Emergency Contact

24/7 Emergency Contact for Law Enforcement:

[Emergency Contact Name and Title] Mobile: [24/7 Mobile Number] Email: [Emergency Email]

For Urgent Matters Only:

Active investigations requiring immediate action
Terrorism or national security threats
Time-sensitive law enforcement requests
Sanctions blocking requiring immediate guidance

Conclusion

Axra is committed to maintaining a robust, effective, and comprehensive Anti-Money Laundering and Counter-Financing of Terrorism compliance program. This policy establishes the framework for our AML/CFT efforts and reflects our dedication to preventing financial crime, protecting our customers and platform, and fulfilling our regulatory obligations.

All employees, agents, contractors, and authorized representatives are required to understand and comply with this policy. Questions, concerns, or suspected violations should be reported immediately to the AML/CFT Compliance Officer.

This policy will be reviewed regularly and updated as necessary to ensure continued effectiveness and compliance with evolving regulatory requirements and industry best practices.

Approved by:

[Chief Executive Officer Name] Chief Executive Officer GoFree Global Inc

Date: February 16, 2026

Attested by:

[AML/CFT Compliance Officer Name] AML/CFT Compliance Officer GoFree Global Inc

Date: February 16, 2026

Board Approval:

[Board Chair Name] Chair, Board of Directors GoFree Global Inc

Date: February 16, 2026

This document contains confidential and proprietary information of GoFree Global Inc (Axra). It is intended solely for internal use and regulatory review. Unauthorized distribution, reproduction, or disclosure is prohibited.

END OF POLICY

Policies & Terms

1. Policy Statement & Commitment

Our Commitment

2. Regulatory Framework

United States

Canada

Other Jurisdictions

Corporate Structure

3. Compliance Officer & Governance

AML/CFT Compliance Officer

Governance Structure

Contact Information

4. Risk Assessment Methodology

Risk Assessment Framework

Customer Risk Factors

Product and Service Risk Factors

Geographic Risk Factors

Channel Risk Factors

Transaction Risk Factors

Risk Classification

Risk Assessment Updates

5. Customer Due Diligence (CDD)

KYC Tier System

Tier 1: NONE (Email Only)

Tier 2: BASIC (Email + Phone)

Tier 3: STANDARD (Government ID + Selfie)

Tier 4: ENHANCED (Enhanced Due Diligence)

Beneficial Ownership Requirements

Customer Information Updates

Simplified Due Diligence

6. Enhanced Due Diligence (EDD)

EDD Triggers

Politically Exposed Persons (PEPs)

High-Risk Jurisdictions

Large Transactions

High-Risk Business Activities

Complex Ownership Structures

Unusual Transaction Patterns

EDD Documentation

EDD Approval Process

EDD Rejection Criteria

7. Ongoing Monitoring

Transaction Monitoring Program

Velocity Checks

Cumulative Volume Monitoring

Suspicious Pattern Detection

Alert Management

Account Activity Reviews

Transaction Audit Trail

Monitoring System Capabilities

8. Sanctions Screening Program

Sanctions Lists Screened

United States

United Nations

European Union

United Kingdom

Other Global Lists

Politically Exposed Persons (PEPs)

Adverse Media and Enforcement

Screening Triggers

At Registration

At Beneficiary Creation

At Transaction Initiation

Periodic Re-Screening

Screening Methodology

Match Handling Procedures

Confirmed Sanctions Match (True Positive)

Potential Match Requiring Review

False Positive Determination

Compliance Alerts

OFAC 50% Rule

Prohibited Transactions

Sanctions Licensing

9. Suspicious Activity Reporting (SARs/STRs)

Reporting Obligations

FinCEN SAR Filing (United States)

FINTRAC STR Filing (Canada)

Red Flags and Suspicious Activity Indicators

Structuring and Smurfing

Unusual Transaction Patterns