ANTI‌ ‌MONEY‌ ‌LAUNDERING‌ ‌POLICY‌

Objectives

The purpose of this policy is to establish the general framework with EMLCU for the fight against money laundering (ML) and the financing of terrorism (FT). Vapulus puts reasonable measures in place to control and to limit ML/FT risk, including dedicating the appropriate means. Vapulus is committed to high standards of anti-money laundering / countering of terrorism (AML/CFT) compliance, and requires management, employees, and subsidiaries to adhere to these standards in preventing the use of its products and services for money laundering or terrorism financing purposes.

Policy implementation requirements

Each significant change in the Vapulus AML policy is subject to approval by the CBE & EMLCU   Local Legislative Structure   Anti-Money Laundering Law No. 80/2002, its Amendments and Executive Regulations; KYC rules issued by the EMLCU; and AML/CFT Regulations for companies, published by EMLCU examining unusual and suspicious transactions referred to the Department, were substantiated with justifiable reasons. Reporting to EMLCU the transactions suspected of involving money laundering or terrorist financing on the forms designed for this purpose.   Deciding to file reports of transactions wherein suspicion is found to be groundless, stating the reasons behind this decision. Proposing whatever measures deemed necessary for developing and updating the Company AML/CFT policies and relevant systems and procedures to enhance the effectiveness and efficiency thereof and keep pace with local and international developments. We ensure compliance of all company branches with AML/CFT regulations and internal controls, via off-site and on-site supervision. We cooperate and coordinate with the Human Resources Department (HR) to set AML/CFT training plans for the company staff, proposing training programs necessary for carrying out such projects and following up their implementation. We preparing a periodical report- at least once a year – on the company’s AML/CFT activities, and submitting it to the Governor. The Governor reviews the report, makes comments thereon, takes the necessary actions, and then sends it with his comments and decisions to the EMLCU.

Customer identification and verification (KYC)

The formal identification of customers on entry into commercial relations is vital, both for the regulations relating to money laundering, and the KYC policy. This identification relies on the following fundamental principles: Each customer (= each person and person involved in the case of a legal entity) must use original supporting documents.   These documents are recorded in a centralized system. Customer background, country of origin, public or high-profile position, linked accounts, business activities, or other risk indicators should be considered.   Identification of beneficiaries of transactions conducted by professional intermediaries; and Any person or entity connected with a financial transaction who can pose a significate reputational or other risks to the company.   Records are to remain up-to-date and relevant. When an account has become online “live,” but problems of verification arise in the business relationship which cannot be resolved, the company should close the account and return the monies to the source from which they were received. The company agrees to never open an account or conduct ongoing business with a customer who insists on anonymity or who gives a fictitious name. Each person identified must be registered by IT means. A person will not be accepted as a customer if the identification process proves to be incomplete. The specific case of the due diligence exercised on the acceptance of politically exposed persons.

Customer acceptance policy

Vapulus ensures that the sales network has a good knowledge of the customer (KYC), and can exercise the due diligence appropriate to their level of risk from the start of the customer relations, thus pretending Vapulus from entering into business relations with persons who might involve our company in money laundering or terrorism financing transactions. This is done by screening customers vs. sanctions lists and making sure all data and documents provided and uploaded to the system are valid and accurate.   Vapulus meets legal/regulatory requirement; – applying the risk-based approach run by Vapulus in categorizing customers to risk criteria. (Low / Medium / High) Risk.

Ongoing customer due diligence

For some dedicated higher risk customer categories, a risk-based review is carried out periodically to ensure that customer-related data or information is kept up-to-date. The current KYC review process regarding the other customer categories is primarily based on an “awareness principle” following the examination of a dedicated file by the AML team. This awareness principle consists of asking the customer’s account manager henceforth to perform a periodic KYC review of the customer carefully.

Ongoing transaction monitoring

AML-Compliance ensures that an “ongoing transaction monitoring” is conducted to detect unusual or suspicious transactions compared to the customer profile. This transaction monitoring is conducted on two levels: The First Line of Control: Vapulus makes its network-aware of the concern about possible suspicious transactions so that any contact with the customer, account holder, or authorized representative gives rise to the exercise of due diligence for transactions on the account concerned. In particular, these include: Requests for the execution of financial transactions on the account Claims concerning means of payment or services on the account Investment interviews The specific transactions submitted to the customer success team member, possibly through their Compliance Manager, must also be subject to due diligence. Determination of the unusual nature of one or more transactions primarily depends on a subjective assessment of the customer (KYC), financial behavior, and the transaction counterparty. The transactions observed on customer accounts for which it is difficult to gain a proper understanding of the lawful activities and origin of funds are, therefore, more rapidly be considered atypical (as they are not directly justifiable). Any Vapulus staff member must inform the AML division of any and all atypical transactions which they observe and cannot attribute to a lawful activity or source of income attributed to the customer.

Embargos and sanctions screening

To ensure compliance with the applicable sanctions against persons and entities, Vapulus has put in place a list matching system in order to compare the names of its customers with official lists from Egypt, the EU, the OFAC, or the UN. Transactions are also filtered through an on-line matching system in order to ensure compliance with sanctions obligation for fund transfers with foreign banks.

In addition to the above, and in order to provide all business lines with up-to-date information related to jurisdictions under embargo, Vapulus internally edits and maintains a Country Watchlist (“BCWL”) including the following authority:

Jurisdictions subject to EU export sanctions (including the sanctioned goods)

Jurisdictions subject to EU import sanctions (including the sanctioned products)

Jurisdictions subject to US sanctions (including the sanctioned goods or transactions)

Jurisdictions designated by officials (like FATF) as subject to being a higher money laundering risk

Jurisdictions considered as fiscal paradise by the Egyptian authorities & MLCU list

Enterprise-wide assessment 

Risk assessment is a critical component of the Vapulus AML/CFT compliance management program. As part of its risk-based approach, Vapulus has conducted an AML “Enterprise-wide risk assessment” (EWRA) to identify and understand risks specific to Vapulus and its business lines. The Vapulus AML risk profile is determined after identifying and documenting the risks inherent to its business lines, such as the products and services a company offers, the customers to whom such products and services are provided, transactions performed by these customers, delivery channels used by the company, the geographic locations of the company’s operations, customers and sales and other qualitative and emerging risks. The identification of AML/CFT risk categories is based on Vapulus understanding of regulatory requirements, regulatory expectations, and industry guidance. The EWRA is reassessed yearly.

Risk Profile calculation

To assist in determining the level of AML/CFT due diligence to be exercised with regard to a customer, a “Compliance” risk profile is calculated upon entry into relations (Low, Medium, High), and is then recalculated quarterly.

To assist in determining the level of AML/CFT due diligence to be exercised with regard to the customer, a “Compliance” risk profile is calculated first of all on entry into relations (Low, Medium, High), and is then recalculated quarterly

Data Access and Staff Protection

Data Access:

Officials at the Compliance Department have the following abilities and powers

To directly communicate with any of the company’s staff to access any files/information necessary for performing their duties

To check potential non-compliance incidents, and request support from the team in charge at the company’s (legal advisor- internal audit).

Guarantee of Staff Protection

The company guarantees the protection of those employees who report –in good faith- suspicious transactions

Organization of internal control 

Suspicious transactions reporting:

In its internal procedures, Vapulus describes in precise terms and for the instruction of its staff members, when it is necessary to report and how to proceed with such reporting. Reports of atypical transactions are analysed within the AML team in accordance with the precise methodology fully described in the internal procedures.

Depending on the result of this examination, and on the basis of the information gathered, the AML team will decide whether it is necessary or not to send a report to the FIU, in accordance with the legal obligations provided in the Law no. 78 2003.

All transactions suspected of involving money laundering or terrorist financing, including attempts to conduct such transactions, must be reported, regardless of their volume or type.

The report will include detailed reasons and causes that led the company to suspect the transaction.

The report shall be made in the form designed by the EMLCU for this purpose. All data and copies of documents of the suspicious transaction should be attached to the said form.

Procedures of reported transactions suspected of involving money laundering or terrorist financing, or data related thereto, shall not be disclosed to the customer, beneficial owner, or any other entity, except to the authorities and entities responsible for enforcing the provisions of Anti-Money Laundering Law.

Procedures

The AML/CFT rules, including minimum KYC standards, have been translated into operational guidelines or procedures that are available on the Intranet site of Vapulus.

 The following documentation should be maintained for five years:

Unusual transaction reports and the documents proving review thereof. 

Copies of the documents of suspicious transactions (originals are to be kept with company’s documents at the Archive), including copies of reports sent to the EMLCU. 

Copies of documents and reports that the Head of Compliance Dept. has decided to keep. 

Records of training programs, provided that such records contain data on all AML/CFT programs offered to company’s staff, names of trainees, their divisions/departments, content and timeframe of training programs, and training entity, whether at home or abroad.

Training

Vapulus has developed different training and awareness programs in order to keep its staff aware of their AML/CFT duties. The training and awareness program is reflected in its usage by: 

Mandatory AML e-learning training programs in accordance with the latest regulatory evolutions 

Academic AML learning sessions for all new branch employees 

The content of this training program is established in accordance with the kind of business the trainees are working in and the posts they hold. These sessions are given by an AML-specialist working on the Vapulus AML team.

Auditing

Internal audit regularly establishes missions and reports about AML/CFT activities.