Introduction

A7777 maintains an anti-money laundering and counter-terrorism financing (AML/CFT) program to detect, deter and report financial crime. This policy establishes the minimum controls for customer due diligence, ongoing monitoring, record-keeping, training and governance necessary to prevent the platform from being used for money laundering or the financing of terrorism.

Scope

This policy applies to all customer relationships, transactions and business activities conducted on or through the A7777 platform, including non-face-to-face interactions and affiliates acting on behalf of A7777. It governs onboarding, ongoing activity and any business relationships established by A7777 in pursuit of its services.

Regulatory framework

The program complies with applicable national AML/CFT legislation, regulations and guidance, and with recognized international standards. A7777 will cooperate with the competent supervisory authority and, where required, with financial intelligence units and law enforcement authorities in the execution of its duties.

Risk-based approach

A7777 uses a risk-based approach to identify, assess and mitigate money laundering and terrorist financing risk. The risk model considers four principal risk domains: customer risk, product risk, interface (channel) risk and geographical risk. Risk assessments inform the design and operation of controls, monitoring and training.

Customer due diligence and verification

On onboarding, identity verification is required before the customer is permitted to transact above certain thresholds. The company will collect and verify information including: full legal name, date of birth, current residential address, and contact details; documentary evidence such as government-issued identification and proof of current address; and information on the purpose and intended nature of the business relationship.

  • Government-issued photo identification (e.g., passport or national identity card).
  • Proof of residential address (e.g., recent utility bill dated within the last two months).
  • Evidence of funding source and, where applicable, proof of funds.
  • Beneficial ownership information for corporate customers where applicable.

Thresholds: When the cumulative value of deposits or withdrawals reaches EUR 500 or more, additional verification and supporting documentation must be obtained, and enhanced checks may be applied as warranted by risk. Identity verification and due diligence apply to non-face-to-face relationships using reliable, independent sources.

Enhanced due diligence

Higher risk customers, including politically exposed persons (PEP) or cross-border relationships, are subject to enhanced due diligence. This includes additional identity verification, expanded documentation, verification of source of funds, ongoing monitoring at increased frequency and enhanced review of transactions.

Ongoing monitoring and updating

Customer information and risk profiles are kept up to date. Ongoing monitoring of transactions is conducted to identify unusual or suspicious patterns, and risk assessments are updated when the business environment or customer risk changes. Periodic reviews are conducted at regular intervals and informed by transactions, product changes and geographic considerations.

Record-keeping

All KYC/CDD/EDD records, transaction histories and internal investigative materials are retained for not less than eight years from the date of last activity or account closure, whichever is later. Records are securely stored and accessible to authorized personnel and, where required by law, to competent authorities.

Suspicious activity reporting and internal controls

All employees must monitor for and report suspicious activity to the AML Compliance Officer promptly and confidentially. Investigations are conducted independently, with findings escalated as appropriate. Where required by law, reports may be submitted to the relevant financial intelligence unit or other competent authorities. The program preserves auditable records and maintains clear escalation paths.

Data privacy and retention

A7777 processes personal data to comply with AML/CFT requirements and as described in the privacy policy. Personal data is retained for eight years after the date of last activity, subject to applicable privacy laws. Data subjects have rights of access, rectification and restriction; inquiries should be directed to the designated privacy contact.

Roles and responsibilities

The Director holds ultimate responsibility for the AML program. The AML Compliance Officer oversees day-to-day implementation and monitoring, while business units implement procedures and staff conduct ongoing compliance activities. All employees must complete AML training and adhere to this policy.

Prohibited jurisdictions

A7777 does not permit onboarding or ongoing business relationships with customers located in jurisdictions identified by sanctions, countermeasures or high AML risk, and will perform risk-based screening against applicable lists. If a customer becomes restricted, activities will be suspended and accounts closed in accordance with applicable law.

Training and awareness

All staff receive AML training at onboarding and at least annually thereafter. Training covers AML indicators, reporting obligations, and the requirements of this policy and related procedures. Training materials are updated when laws, guidelines or risk factors change.

Review and updates

This policy is reviewed annually by the Board or a designated committee. Material changes are approved and communicated to staff, and, where required, reflected in updated procedures and retraining.

Enforcement and sanctions

Non-compliance with this policy may result in suspension or termination of accounts, blocking of transactions, and referral to competent authorities as required by law, in addition to internal disciplinary measures.