Anti-Money Laundering (AML) Policy

Last Updated: 15 September 2025

1. COMPANY INFORMATION

Company Name: DIGIFABRICA LTD
Company Number: 15390190
Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: info@bittenpay.com
Director: Ümit Sönmez

2. INTRODUCTION

This Anti-Money Laundering (AML) Policy establishes DIGIFABRICA’s commitment to preventing money laundering, terrorist financing, and other financial crimes. This policy complies with UK anti-money laundering regulations and international standards to maintain the integrity of our digital marketplace platform.

3. REGULATORY FRAMEWORK

3.1 Applicable Legislation

UK Regulations:

Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
Proceeds of Crime Act 2002
Terrorism Act 2000
Criminal Finances Act 2017
Payment Services Regulations 2017

International Standards:

Financial Action Task Force (FATF) Recommendations
EU Anti-Money Laundering Directives
International sanctions regimes
OECD Common Reporting Standards

3.2 Regulatory Authorities

Primary Supervisory Authority:

HM Revenue and Customs (HMRC) for AML supervision
Financial Conduct Authority (FCA) for payment services
National Crime Agency (NCA) for suspicious activity reporting
Office of Financial Sanctions Implementation (OFSI) for sanctions

4. POLICY SCOPE AND APPLICATION

4.1 Scope of Application

Covered Activities:

Digital marketplace payment processing
Vendor and affiliate payout processing
Customer transaction monitoring
Cross-border payment facilitation
Business relationship establishment

Covered Persons:

All DIGIFABRICA employees and directors
Vendors selling through the platform
Affiliates promoting products
Customers purchasing digital products
Third-party service providers

4.2 Risk-Based Approach

Risk Assessment Framework:

Customer risk assessment procedures
Product and service risk evaluation
Geographic risk considerations
Delivery channel risk analysis
Regular risk assessment updates

5. CUSTOMER DUE DILIGENCE (CDD)

5.1 Customer Identification Requirements

Standard Due Diligence:

Full name and residential address verification
Date of birth and nationality confirmation
Government-issued photo identification
Proof of address (utility bill, bank statement)
Business registration documents (for companies)

Digital Identity Verification:

Electronic identity verification services
Document authentication technology
Biometric verification where appropriate
Real-time identity database checks
Enhanced verification for high-risk customers

5.2 Enhanced Due Diligence (EDD)

Enhanced Due Diligence Triggers:

Politically Exposed Persons (PEPs)
High-risk geographic locations
Unusual transaction patterns
High-value transaction thresholds
Complex corporate structures

Enhanced Verification Requirements:

Source of wealth and funds verification
Enhanced background checks
Senior management approval
Ongoing enhanced monitoring
Additional documentation requirements

5.3 Simplified Due Diligence

Lower Risk Scenarios:

Low-value transactions (under $1,000)
EU/EEA regulated financial institutions
Public companies listed on regulated markets
Government bodies and public authorities
Low-risk customer categories

Simplified Requirements:

Basic identity verification
Reduced documentation requirements
Standard monitoring procedures
Regular risk assessment review

6. KNOW YOUR CUSTOMER (KYC) PROCEDURES

6.1 Customer Onboarding Process

Registration Requirements:

Account creation with verified email address
Basic personal or business information
Acceptance of terms and conditions
Initial risk assessment and screening
Payment method verification

Verification Timeline:

Basic verification: Within 24 hours
Enhanced verification: Within 72 hours
Complex cases: Up to 7 business days
Ongoing monitoring: Continuous
Re-verification: Annually or as needed

6.2 Business Customer Requirements

Corporate Due Diligence:

Company registration documents
Beneficial ownership identification
Directors and authorized persons verification
Business license and regulatory permits
Corporate structure and ownership charts

Beneficial Ownership Rules:

Identification of persons owning 25%+ of shares or voting rights
Persons exercising control over the company
Senior managing officials for complex structures
Regular updates on ownership changes
Enhanced scrutiny for complex structures

6.3 Ongoing Monitoring

Continuous Customer Monitoring:

Transaction pattern analysis
Behavioral monitoring systems
Regular profile updates and reviews
Adverse media screening
Sanctions list checking

Monitoring Triggers:

Unusual transaction volumes or patterns
Changes in customer behavior
Geographic risk factor changes
Adverse media or regulatory alerts
Customer-initiated information updates

7. TRANSACTION MONITORING

7.1 Automated Monitoring Systems

Real-Time Transaction Screening:

Automated transaction analysis algorithms
Pattern recognition and anomaly detection
Velocity checks and threshold monitoring
Cross-referencing with sanctions lists
Immediate alert generation for suspicious activity

Monitoring Parameters:

Transaction amount thresholds
Frequency and timing patterns
Geographic risk indicators
Customer behavioral changes
Payment method variations

7.2 Suspicious Activity Indicators

Red Flags for Digital Marketplace:

Unusual payment methods or sources
Multiple accounts from same person or address
Rapid high-value transactions after account opening
Transactions inconsistent with customer profile
Attempts to circumvent verification procedures

Transaction Red Flags:

Multiple small transactions just below reporting thresholds
Transactions to/from high-risk jurisdictions
Use of privacy coins or mixing services
Unusual refund or chargeback patterns
Complex routing through multiple payment methods

7.3 Alert Investigation Procedures

Investigation Process:

Immediate Alert Review: Within 4 hours of generation
Initial Assessment: Risk level and urgency determination
Detailed Investigation: Enhanced due diligence and fact-finding
Decision Making: Continue, restrict, or report activity
Documentation: Complete investigation records

Investigation Team:

Designated Money Laundering Reporting Officer (MLRO)
Compliance analysts and investigators
Senior management oversight
External legal counsel when required
Law enforcement liaison when appropriate

8. SANCTIONS SCREENING

8.1 Sanctions Lists Monitoring

Screened Lists:

UK HM Treasury Consolidated List
EU Consolidated List of Sanctions
US OFAC Specially Designated Nationals (SDN) List
UN Security Council Sanctions List
Additional international and country-specific lists

Screening Frequency:

Real-time screening for new customers
Daily batch screening of existing customer base
Transaction-level screening for payments
Immediate screening upon list updates
Enhanced screening for high-risk customers

8.2 Sanctions Compliance Procedures

Screening Process:

Automated name matching algorithms
Manual review of potential matches
False positive analysis and clearance
Escalation procedures for true matches
Immediate blocking of sanctioned parties

Prohibited Activities:

Transactions with sanctioned individuals or entities
Business in prohibited jurisdictions
Services that facilitate sanctions evasion
Processing payments for sanctioned activities
Indirect dealings with sanctioned parties

8.3 Sanctions Response Procedures

Immediate Actions:

Freeze accounts and block transactions
Report to relevant authorities within required timeframes
Preserve all relevant documentation and records
Cease all business relationships immediately
Coordinate with law enforcement as required

9. POLITICALLY EXPOSED PERSONS (PEP)

9.1 PEP Definition and Categories

Politically Exposed Persons:

Heads of state and government officials
Senior politicians and political party officials
Senior government, judicial, or military officials
Senior executives of state-owned enterprises
Family members and close associates of PEPs

Risk Categories:

Domestic PEPs (UK-based political figures)
Foreign PEPs (international political figures)
International organization PEPs (UN, EU officials, etc.)
Former PEPs (risk assessment for period after leaving office)

9.2 PEP Risk Management

Enhanced Due Diligence for PEPs:

Senior management approval for business relationships
Enhanced background checks and source of wealth verification
Ongoing enhanced monitoring of transactions
Regular review of business relationship necessity
Additional documentation and verification requirements

PEP Monitoring:

Enhanced transaction monitoring systems
Regular adverse media screening
Political status change monitoring
Family member and associate identification
Elevated reporting and documentation standards

10. RECORD KEEPING REQUIREMENTS

10.1 Documentation Standards

Required Records:

Customer identification and verification documents
Transaction records and supporting documentation
Compliance monitoring and investigation records
Training records and policy acknowledgments
Suspicious activity reports and related documentation

Record Retention Periods:

Customer identification records: 5 years after relationship ends
Transaction records: 5 years after transaction completion
Investigation and monitoring records: 5 years after case closure
Training and compliance records: 5 years after creation
Suspicious activity reports: Indefinite retention

10.2 Record Security and Access

Security Measures:

Encrypted storage for all sensitive records
Access controls and audit trails
Regular backup and disaster recovery procedures
Secure disposal of physical and electronic records
Compliance with data protection regulations

Access Controls:

Role-based access to compliance records
Senior management oversight of access
Regular access reviews and updates
Audit trails for all record access
Confidentiality obligations for all personnel

11. SUSPICIOUS ACTIVITY REPORTING

11.1 Suspicious Activity Report (SAR) Obligations

Reporting Requirements:

Mandatory reporting of suspicious activity to NCA
Reporting timeline: As soon as possible, no later than 24 hours
Detailed documentation of suspicious activity
Ongoing monitoring after SAR submission
Cooperation with law enforcement investigations

Reportable Activities:

Known or suspected money laundering
Terrorist financing activities
Sanctions violations
Large cash transactions (where applicable)
Other serious crimes involving financial transactions

11.2 SAR Submission Process

Internal Process:

Detection: Identification of suspicious activity
Investigation: Preliminary internal investigation
Decision: MLRO determination on reporting necessity
Submission: SAR submission to appropriate authorities
Follow-up: Ongoing cooperation and monitoring

External Submission:

Submission to National Crime Agency (NCA)
Use of SAR Online system for electronic filing
Complete and accurate information provision
Timely submission within regulatory timeframes
Maintenance of confidentiality and tipping-off restrictions

11.3 Tipping-Off Restrictions

Prohibited Activities:

Disclosure of SAR submission to customer
Warning customers about law enforcement interest
Informing third parties about ongoing investigations
Any action that might prejudice an investigation
Disclosure of suspicious activity outside compliance team

12. TRAINING AND AWARENESS

12.1 Employee Training Program

Mandatory Training:

AML/CFT awareness and recognition
Customer due diligence procedures
Transaction monitoring and reporting
Sanctions compliance requirements
Record keeping and documentation standards

Training Schedule:

Initial training for all new employees
Annual refresher training for all staff
Specialized training for compliance team
Ad-hoc training for regulatory updates
Senior management AML oversight training

12.2 Training Content and Assessment

Core Training Topics:

Money laundering and terrorist financing risks
Regulatory requirements and compliance obligations
Red flag indicators and suspicious activity recognition
Customer due diligence and verification procedures
Sanctions screening and compliance procedures

Assessment and Certification:

Training completion testing and certification
Regular assessment of training effectiveness
Performance monitoring and improvement
Documentation of training completion
Ongoing competency evaluation

13. GOVERNANCE AND OVERSIGHT

13.1 Money Laundering Reporting Officer (MLRO)

MLRO Responsibilities:

Overall AML compliance program oversight
Suspicious activity report decision-making
Regulatory liaison and communication
Staff training and awareness programs
Policy development and implementation

MLRO Appointment:

Senior management level appointment
Appropriate experience and qualifications
Independence and authority to perform role
Regular reporting to board and senior management
Professional development and continuing education

13.2 Senior Management Oversight

Board and Management Responsibilities:

AML policy approval and oversight
Resource allocation for compliance programs
Regular compliance reporting and review
Risk appetite and tolerance setting
Culture and tone setting for compliance

Governance Framework:

Regular compliance committee meetings
Annual policy review and updates
Compliance audit and testing programs
Regulatory relationship management
Incident response and crisis management

14. COMPLIANCE MONITORING AND TESTING

14.1 Internal Audit and Testing

Regular Testing Program:

Annual independent compliance testing
Quarterly system and process reviews
Monthly transaction monitoring effectiveness testing
Ad-hoc testing for specific risk areas
Post-incident testing and validation

Testing Scope:

Customer due diligence procedures
Transaction monitoring system effectiveness
Sanctions screening accuracy and completeness
Record keeping and documentation quality
Training program effectiveness and coverage

14.2 Continuous Improvement

Performance Monitoring:

Key performance indicator tracking
Compliance metrics and trend analysis
Regulatory feedback integration
Industry best practice benchmarking
System and process optimization

Remediation Procedures:

Issue identification and root cause analysis
Corrective action planning and implementation
Progress monitoring and validation
Management reporting and oversight
Regulatory notification where required

15. THIRD-PARTY RISK MANAGEMENT

15.1 Vendor and Service Provider Due Diligence

Third-Party Risk Assessment:

AML compliance capability evaluation
Regulatory approval and supervision verification
Reputation and background checks
Contract terms and compliance obligations
Ongoing monitoring and review procedures

High-Risk Third Parties:

Payment processors and financial institutions
Identity verification service providers
Data storage and processing vendors
International service providers
Technology and system vendors

15.2 Ongoing Third-Party Monitoring

Monitoring Requirements:

Regular compliance attestations
Performance and service level monitoring
Regulatory status and approval verification
Incident reporting and management
Contract renewal and review procedures

16. INTERNATIONAL COOPERATION

16.1 Cross-Border Compliance

International Standards:

FATF recommendations implementation
Mutual legal assistance treaty cooperation
Information sharing with foreign authorities
Cross-border payment monitoring
International sanctions compliance

16.2 Regulatory Cooperation

Authority Cooperation:

Information sharing with UK and international authorities
Assistance with cross-border investigations
Compliance with information requests
Participation in international compliance initiatives
Best practice sharing and development

17. CONTACT INFORMATION

17.1 AML Compliance Contact

Money Laundering Reporting Officer (MLRO):

Email: info@bittenpay.com
Subject: “AML Compliance – [Matter Type]”
Confidential reporting available

17.2 Regulatory Reporting

Suspicious Activity Reporting:

National Crime Agency (NCA) SAR Online
Emergency contact: NCA duty desk
Internal escalation: MLRO and senior management

18. POLICY REVIEW AND UPDATES

18.1 Regular Review Process

Review Schedule:

Annual comprehensive policy review
Quarterly regulatory update assessment
Ad-hoc review for significant changes
Post-incident policy evaluation
Regulatory feedback integration

18.2 Update Communication

Implementation Process:

Staff training on policy updates
System and procedure modifications
Customer communication where required
Regulatory notification of material changes
Effective date management and coordination

19. GOVERNING LAW

This Anti-Money Laundering Policy is governed by UK law and complies with all applicable UK and international AML regulations and standards.

20. ACKNOWLEDGMENT

All DIGIFABRICA personnel acknowledge understanding of and commitment to compliance with this Anti-Money Laundering Policy and all applicable legal and regulatory requirements.