Anti-Money Laundering & Know Your Customer Compliance Report

Company name:

ZamZamTechnology LLC

Legal Compliance Officer (LCO) name:

VLADIMIR SAVICHEV

Date Report Compiled:

June 01, 2023

Reporting Period:

From May 01, 2023 to June 01, 2023

Date of Submission to Senior Management:

June 01, 2023

Summary of Duties Performed by Appointed LCO:

(a) reviewing all reports about Customers' failing CIP;
(b) maintaining all records related to internal reviews of AML/CFT activities;
(c) providing guidance on how to avoid “tipping off” if any disclosure is made; and
(d) acting as the main point of contact with law enforcement, and any other competent authorities in relation to ML/TF issues;
(e) recording and filing SARs, CTRs;
(f) training employees;
(g) performing an audit of this Policy at least annually and presenting the results to our CEO

1. Systems & Controls

Are the AML/CFT policy and procedure documents up to date?

YES / NO

Are they adequate to meet the firm’s needs & mitigate financial crime risks?

YES / NO

(a) attraction to AML / CFT of qualified special contractors;
(b) conducting business analytics;
(c) study of applied practice;
(d) lack of ML / FT;
(e) compliance with current requirements of laws and regulations

Are they effective in meeting the regulatory & legal rules & requirements?

YES / NO

Do the existing controls and measures ensure that your firm can identify, assess, monitor and manage money laundering risk?

YES / NO

Are client identification procedures effective and adequate?

YES / NO

Have due diligence checks been completed & retained for all new clients?

YES / NO

Are your Risk Management policies and procedures up to date?

YES / NO

Are they adequate to meet the firm’s needs & mitigate financial crime risks?

YES / NO

Are they effective in meeting the regulatory & legal rules & requirements?

YES / NO

2. Breaches & Reports

How Many Internal Suspicious Activity Reports (SAR’s) Were Completed?

0

Number of SAR’s Passed to competent authorities in relation to ML/TF issues?

0

Number of SAR’s NOT Passed to competent authorities in relation to ML/TF issues?

0

Were there any breaches of internal AML/CFT policies and/or procedures?

YES / NO

3. Training & Assessments

Has appropriate and effective Financial Crime and AML training been provided to all employees and associated personnel?

YES / NO

Have all training materials been reviewed for compliance with current laws, regulations and legislation?

YES / NO

Are employees asked for feedback on the training content and delivery?

YES / NO

What was the date of the last content update/review for training materials?

06/23

Have all staff received the training within the past 6 months?

YES / NO

(a) The ZAM.IO obligation under AML/CFT law;
(b) The consequence of non-compliance with AML/CFT laws;
(c) The money-laundering and financial terrorism risks to which the company is prone and the consequences of such risks;
(d) How to fulfill the obligations along with identifying, managing, and countering risks;
(e) Penalties to be paid if not complied with the AML laws including terms regarding employees’ termination, criminal and civil penalties, fines, imprisonment terms, etc. must also be focused during the training program;
(f) Training employees regarding how to react when they confront any suspicious transactions or clients;
(g) Describing accountabilities and responsibilities of the employees;
(h) A proper training program must also include case studies based on true circumstances which may include how the threat was detected and how it was dealt with proper strategies;
(i) Providing details regarding the activities and areas within a company that may be highly prone to money-laundering and financial terrorism risk.

Training in the form of lectures, discussions and answering questions from employees.



5. Due Diligence & High-Risk Clients

Is a due diligence checklist and questionnaire used for all new customers?

YES / NO

Are adequate/effective background checks performed on all new customers?

YES / NO

Are adequate/effective background checks performed for all new employees?

YES / NO

Number of current customers categorised as ‘other high-risk’?

0

6. Audits & Monitoring

Are adequate/effective monitoring and audit procedures and controls in place?

YES / NO

Based on the audit and monitoring outcomes, are the AML/CFT controls and measures deemed to be comprehensive and proportionate?

YES / NO

Are transaction monitoring processes adequate and effective?

YES / NO

Have all questions been completed?

YES / NO

Legal Compliance Officer:

Signed:

Print Name:

Vladimir Savichev

Date

June 01, 2023

TO BE COMPLETED BY SENIOR MANAGEMENT REPRESENTATIVE

Have all questions been completed?

YES / NO

Has the content contained in the report been reviewed and considered?

YES / NO

Has approval of any improvement actions been given?

YES / NO

Signed:

/s/ Iliya Biniaminov

Print Name:

Iliya Biniaminov

Title

CEO ZAMZAMTECHNOLOGY LLC

Date

June 01, 2023

Anti-Bribery and Corruption Policy

by ZamZamTechnology LLC

Last update: June 01, 2022

ZamZamTecnology LLC (“We”, “ZAM.IO”) is a highly respectable and recognizable organization. It has gained its name and reputation among its competitors and consumers through its commitment to conducting business according to moral, ethical, and legal standards.

ZAM.IO does not allow and tolerate any kind of bribery and corruption.

This Anti-Bribery and Corruption Policy (the “Policy”) discourages and prohibits any kind of bribe or corrupt practice with any kind of stakeholder, including offering, promising, or providing any kind of means or value to any stakeholder, including customer, government official, business partner, or a third party to induce any improper action in relation to our business.

Objective

This Policy outlines ZAM.IO's moral and legal responsibility to counter bribery and corruption and provide tools and methods to keep check and balance on such practices.

Corruption

For the purpose of this Policy, bribery offense includes bribes, kickbacks, extortions, either active or inducement of any kind.

Penalty

Violation of this Policy is highly discouraged. If any employee of ZAM.IO is found in violation of this Policy can face severe civil and criminal penalties in addition to disciplinary proceedings.

Scope

This Policy applies to all the employees, directors, officers, and any third party which is directly engaged with our business. Further, the Policy applies to any subsidiary, branch office, or liaison office of ZAM.IO, regardless of its location.

Prohibition of Bribery

  • ZAM.IO employees are prohibited from offering, promising, or sanctioning any kind of payment to government officials to secure improper business advantage or influence bureaucratic work.
  • ZAM.IO prohibits employees from taking any ill gain or advantage through improper means from any private entities.

Employees are strictly advised to obtain approval from ZAM.IO to advance any item of value to any government official or private entity.

Provision of any kind of travel, gifts, cash, or meals to any government official or any person in exchange for any ill gain is prohibited.

Use of donations for any unfavorable gain or to influence any person is strictly prohibited. ZAM.IO will sanction any kind of charitable gesture or donation through the proper procedure.

Sometimes it must be necessary to appropriate funds to promote or demonstrate ZAM.IO software, products or services, but it must not be used to influence the normal functioning of such officer. Before appropriating such funds, approval from the concerned department is necessary.

It is strictly prohibited to employ any government official, employee of a private entity, or their relatives to influence or gain an undue benefit. If the employment of such a person is necessary, prior approval of ZAM.IO's legal counsel is necessary.

Political contributions advanced to influence government officials are strictly prohibited. All political contributions will go through the proper channel outlined in a separate policy.

Third parties associated with ZAM.IO, either directly, are strictly prohibited from making any corrupt practice on behalf of ZAM.IO.

All payments to third parties in exchange for their services and contributions to ZAM.IO must be recorded appropriately and evidenced. Additionally, third parties interacting with a government official on behalf of ZAM.IO must be documented.

All third parties are obligated to do due diligence before engaging with government officials on behalf of ZAM.IO.

To ensure compliance with this Policy, ZAM.IO may conduct periodic audits of ZAM.IO. All employees, directors, officers, and stakeholders are obligated to cooperate with the audit process.

All directors, officers, employees, and stakeholders are obligated to report any violation of this Policy to ZAM.IO's legal team. Failure to report such an incident constitutes a violation of this Policy and leads to disciplinary action.

ZAM.IO senior management (CEO) has approved this Anti-Bribery and Corruption Policy in writing as reasonably designed to achieve and monitor our firm’s ongoing compliance with the requirements of the legal regulations.

This approval is indicated by the signature below:

Date: June 01, 2023

Signature:

/s/ Iliya Biniaminov

CEO: ILIYA BINIAMINOV

Anti-Money Laundering & Know Your Customer (KYC) Policy

by ZamZamTechnology LLC

Last update: June 01, 2022

This Anti-Money Laundering & Know Your Customer (KYC) Policy (“Policy”) confirms ZamZamTecnology (“We”, “ZAM.IO”) commitment to prevent money-laundering and the financing of terrorism in its business practices and Customers' transactions using ZAM.IO services and products.

This Policy directed to declare of ZAM.IO procedures to combat the following illegal activities:

(a) Money Laundering (“ML”) is conducting or attempting to conduct a financial transaction knowing that the transaction is designed in whole or in part to conceal or disguise the nature, location, source, ownership, or control of the proceeds of specified unlawful activities.

(b) Terrorist financing (“FT”) is conducting or attempting to conduct a financial transaction for terrorist activity, meaning as the provision or collection of funds, by any means, directly or indirectly, with the intention that they are used or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offenses within the meaning of the law. This activity is done by intentionally killing, seriously harming, or endangering a person, causing substantial property damage that is likely to seriously harm people, or by seriously interfering with or disrupting essential services, facilities, or systems

ZAM.IO has established Know Your Counterparty (KYC) procedures to combat ML and FT as it is required from banks and other financial institutions. These procedures allow identify every entity (individual / business) that ZAM.IO deal with, to understand the legitimacy of our business relationships, and to identify, and react to unusual or suspicious activity.

ZAM.IO committed to implementing and enforcing effective internal controls to counter ML and FT. The Policy is to apply at a minimum the standards set out in this Policy.

The purposes of this Policy are to:

(i) an effective combating of ML and TF by proper identification of actual Customers and supervision of their transactions; and

(ii) set out the responsibilities of ZAM.IO and its all staff in respect of observing, complying with, and upholding policies on anti-money laundering (“AML”) and counter-terrorist financing (“CTF”); and

(iii) to provide information and guidance to Customers and Third Parties on the money laundering/terrorist financing risks, ZAM.IO KYC procedures, and how to recognise and deal with any potential money laundering/terrorist financing issues if they arise.



ZAM.IO should identify and cease transactions made not only to purchase/sell a cryptocurrency but made mainly to hide the criminal origin of money, finance illegal activity or other unlawful behaviors.

Specific provisions of ZAM.IO policies are confidential and for internal use only, in order to prevent their avoidance by dishonest or fraudulent Customers.

This Policy, procedures, and internal controls are designed to ensure compliance with all applicable AML / CTF regulations and rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls are in place to account for both changes in regulations and changes in ZAM.IO business.

Definitions

The following words and phrases have the following meanings in this AML/KYC Policy:

Term Definition
Customer an agreement (Terms & Conditions) that defines Customers’ rights and obligations when using ZAM.IO Products
Product an individual or a business entity that engages in a financial transaction or activity with ZAM.IO and uses ZAM.IO Products
Account ZAM.IO as it’s detailed at https://zam.io. The Product includes software (i.e. zMetaboard, ZamWallet iOS and Android application), databases, and services that ZAM.IO offers to Customers through the Product
KYC a Customer’s account used by Products. Account allows a Customer to receive ZAM.IO services. Account contains Personal Data and (or) other information about a Customer who uses the Product and has entered the agreement with us
Terms Know Your Customer is the process of verifying the identity of a Customer. The objective of KYC is to prevent Products from being used for AML, CFT activities. It also enables ZAM.IO to understand its Customers and their financial dealings to serve them better and manage its risks prudently
Personal Data alone or in combination with other information or in certain contexts can be used to identify, distinguish or trace a Customer
Third party the third party with who we entered into an agreement and with who we are in a legal relationship. Third parties may provide: remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures, software libraries and SDK, API, technical specialists involved in the development of our Products and other

Please note:

  • all singular words include plural ones and vice versa;
  • the term "including" does not exclude anything not listed;
  • if there is no term in this Policy, then such term shall be interpreted in accordance with the designation used in the business environment and the law.

1. Internal Controls

(i) We have developed robust internal policies, procedures, and controls designed to comply with applicable laws and regulations, as well as any other reporting requirements and audits.

(ii) This Policy applies to all Customers without any exceptions. ZAM.IO will terminate its involvement with any Customers who fail to comply with this Policy and any employees who violates this Policy.

(iii) The CEO of ZAM.IO, as a senior member of the Management Board, is the main person of ZAMZAMTECHNOLOGY LLC who approves AML / CTF policies and manages AML / CTF activities in the company. The Legal Compliance Officer (“LCO”) is the main person managing the AML / CTF processes at ZAM.IO.

2. Customer Identity Program

(i) Our Customer Identity Program (“CIP”) is an important part of AML Policy and helps ZAM.IO detect suspicious activity in a timely manner and prevent fraud.

(ii) In order to open an Account and use Products, a Customer’s identity must be verified, authenticated, and checked against government watchlists, including the Office of Foreign Assets Control (“OFAC”). Failure to complete any of these steps will result in Customer’s inability to use Products.

(iii) Individual Customer:

Prior to opening an account for an individual customer, we attempt to collect, verify, and authenticate the following Personal Data:

  • Full and correct name of the person;
  • Permanent address and proof of address (e.g., a utility bill, bank statement);
  • Email address;
  • Nationality;
  • Mobile phone number;
  • Social Security Number (“SSN”) or any comparable identification number issued by a government;
  • Date and place of birth (“DOB”);
  • Proof of identity: copy of passport (e.g., driver’s license or government-issued ID), showing the following details: (1) number and country of issuance, (2) issue, and expiry date, (3) signature of the person;
  • Additional information or documentation at the discretion of ZAM.IO LCO.

(iv) Business Customer:

Prior to opening an account for a business entity, we attempt to collect, verify, and authenticate the following information:

  • Institution legal name;
  • Employer Identification Number (“EIN”) or any comparable identification number issued by a government;
  • Full legal name (of all account signatories and beneficial owners);
  • Email address (of all account signatories);
  • Mobile phone number (of all account signatories);
  • Address (principal place of business and/or other physical location);
  • Proof of legal existence (e.g., state-certified articles of incorporation or certificate of formation, certified copy of the Memorandum and Articles of Association, location of registered office, proof of good standing, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable);
  • Contract information of owners, principals, UBO, and executive management (as applicable);
  • Ownership structure;
  • Expected activity;
  • Nature of business/employment;
  • Product usage plans;
  • Source of funds; and source of wealth;
  • Identifying information for each UBO that owns 10% or more (see individual customer information collected above for more details) and proof of identity (e.g., driver’s license, passport, or government-issued ID).

3. Standard KYC procedure

(i) Step 1: Identification and verification

  • For each Customer on whom due diligence is required, ZAM.IO must identify the Customer (i.e. collect basic identity information including Personal Data) and verify that identity (i.e. check that the Customer is whom they say they are) by reference to documents and Personal Data that described this Policy.
  • Individual Customers provide Data with CIP (subclause (iii) clause 2 of this Policy). ZAM.IO should obtain and verify the individual’s Account using Personal Data with the accordance ZAM.IO Privacy Policy.
  • Business Customers provide Data with CIP (subclause (iv) clause 2 of this Policy).

(ii)Step 2: Name Screening

  • ZAM.IO should undertake a reasonable search of available information to identify any negative information which would increase the ML/TF or reputational risk of dealing with the potential Customer.
  • AML Screening: International Sanctions, Politically exposed people (PEPs), Watchlists and Adverse Media.
  • Determination of an individual presence or non-presence on global sanctions lists, PEP lists, watchlists, blacklists, or adverse media (OFAC, UN, HMT, EU, DFT etc.). This check is automated by a Third party. The results of this screening are solely based on potential matches between the user’s Personal Data and the data contained in databases available to a Third Party.

  • The above screenings should be conducted on potential Customers and the actual Customer.

(iii) Step 3 - Country Risk

  • ZAM.IO should consider the country in which the Customer is a citizen and/or resident. In accordance with our policies and Terms ZAM.IO do not open Accounts and does not process transactions for citizens and residents of, as well as people staying in, countries where transactions are prohibited by international sanctions or their internal law regulations, or countries which based on various criteria selected by ZAM.IO AML team (for example Corruption Perceptions Index by Transparency International, FATF warnings, countries with weak anti-money laundering and terrorist financing regimes determined by European Commission) impose high AML / CTF high risk.
  • Currently, these countries are Afghanistan, American Samoa, Angola, Bahamas, Botswana, Burundi, Cambodia, Central African Republic, Chad, Congo, Cuba, Democratic Republic of Congo, Equatorial Guinea, Eritrea, Ethiopia, Ghana, Guam, Guinea Bissau, Iran, Iraq, North Korea, Lebanon, Libya, Mali, Nigeria, Pakistan, Panama, Puerto Rico, Samoa, Saudi Arabia, Sierra Leone, Somalia, South Sudan, Sri Lanka, Sudan, Syria, Trinidad and Tobago, Tunisia, Venezuela, Yemen, Zimbabwe, USA (citizens and residents).

(iv) Step 4 - Ongoing monitoring

  • ZAM.IO should ensure that the due diligence on its Customers is regularly reviewed and kept up to date. Third parties provide us with daily re-check of our Customer database against AML watchlists (sanctions, PEPs, adverse media, etc).
  • A risk-based approach may be applied: the due diligence relating to the higher risk Customers may be reviewed more frequently than that of the lower risk Customers.

4. CIP implications:

  1. If a Customer as an individual successfully meets and completes ZAM.IO CIP requirements and does not appear on the OFAC or any other government watchlist, then ZAM.IO will deal with the Customer by Terms.
  2. If a Customer as a business entity successfully meets and completes ZAM.IO CIP requirements and neither it nor any of its owners, principals, executive, or managers appear on OFAC or any other governmental watchlist, then ZAM.IO will provide the Product to the Customer under Terms.
  3. If a potential or existing Customer either refuses to provide the information when requested under KYC or appears to have intentionally provided misleading information, ZAM.IO will not open a new Account and, after considering the risks involved, consider closing any existing Account. Such Customers may be limited in the rights and options of the ZAM.IO Product and Third Parties until the AML/CFT policy of ZAM.IO is fully satisfied.
  4. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation to FinCEN on a SAR or any other governmental authority at the Company's location authorized to review reports of suspicious financial activity.
  5. Two or more accounts cannot be verified by using the same name, mobile phone number, or documents. It is prohibited to enter into a relationship with a shell bank, anonymous and fictitious named accounts and Customers involved at this activity.
  6. (vi) A customer should be identified as high-risk customer when:
    • takes over another user’s account;
    • attempts to launder money;
    • borrows money with the intention of defaulting;
    • creates an account using someone else’s identity;
    • has links to high-risk countries;
    • has links to high-risk business sectors;
    • has complex ownership structures;
    • has unusual account activity;
    • is PEP;
    • has dubious reputations.

5. Transactions’ monitoring and supervision

  1. ZAM.IO (and Third Parties) may analyse and monitor all Customers' transactions that take place on the Product looking for suspicious and unusual behaviors. As a suspicious and unusual activity ZAM.IO or Third Parties identify, for example, a significant number of the repeated identical transactions from one or more clients, a significant number of transactions made by one user, large inflows or outflows of funds to/from one account etc.
  2. Such selected transactions are analysed by our AML specialists and evaluated if they do not provide significant AML / CTF risks or if they needed to be ceased and clarified with the Customer. Customers must provide all required risk control evidence.
  3. ZAM.IO can require additional documentation proving a Customer's real, exact place of residence, education, occupation, as well as the source of money Customer are using with Products when Customer's transactions are “flagged” as suspicious or unusual, or our verification of Customer personal results in qualifying Customer as a person imposing significant AML / CTF risk.
  4. The case when LCO or a Third Party's AML professional decides information received do not clarify our doubts, ZAM.IO will be obliged to end our cooperation with such Customer, terminate all agreements, and report about Customer's transactions to relevant authorities.
  5. Suspicious Activity/Currency Transaction Reports Opening Process ZAM.IO file SARs if we know, suspect or have reason to suspect suspicious activities have occurred using Products by Customers. A suspicious transaction is often one that is inconsistent with a Customer’s known and legitimate business, personal activities or personal means. ZAM.IO leverage our compliance department, which performs transaction monitoring to help identify unusual patterns of Customer activity. Our LCO reviews and investigates suspicious activity to determine if sufficient information has been collected to justify the filing of a SAR. Our LCO maintains records and supporting documentation of all SARs and CTRs that have been filed. Reporting Requirements All records are retained for seven (7) years and are readily available upon official request by an applicable examiner, regulator, or law enforcement agency.

6. Tiers of KYC verification

  1. When a Customer's trade volume rise AML / CTF activities increases as well.
  2. ZAM.IO introduced a verification system, based on the general rule that the more money (or cryptocurrencies) a Customer deposits or wants to withdraw the more information about the Customer and its funds ZAM.IO need to exclude ML / TF risks (as we are required by law).

7. AML/CFT training

  1. ZAM.IO develops ongoing employee training under the leadership of the LCO. Training occurs on at least an annual basis and is based on company size, products, customer base, and resources. It's updated as necessary to reflect any new developments in the law. All new and current employees familiarize themselves with AML and CFT activities.
  2. The purpose of the AML/CFT training is to provide the opportunity for employees to identify unusual and suspicious activities.
  3. ZAM.IO's training will include, at a minimum:
    1. How to identify red flags and signs of money laundering that arise during employees’ duties.
    2. What to do once the risk is identified, including how, when, and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of SARs.
    3. Employee roles in the firm's compliance efforts and how to perform them.
    4. The firm's record retention policy.
    5. The disciplinary consequences (including civil and criminal penalties) for non-compliance with the laws.
  4. ZAM.IO will develop training in itself or contract for it. Delivery may include educational pamphlets, videos, intranet systems, in-person lectures, and explanatory memos. Information for employees is gathered in the YouTrack’s “Knowledge base”, regularly updated.
  5. ZAM.IO may review its operations to see if certain employees, such as those in compliance, margin, and corporate security, require specialized additional training.
  6. The timing and content of the training provided are determined according to the needs of ZAM.IO. The frequency can vary based on legal or regulatory amendments, employee duties, and changes in the business model. The program aims to educate employees on the latest developments in preventing money laundering and terrorist financing.

8. Legal Compliance Officer (LCO)

  1. ZAM.IO designated LCO is VLADIMIR SAVICHEV (email: [email protected]).
  2. The principal function of the LCO is to act as the focal point within ZAM.IO for the oversight of all activities relating to the prevention and detection of ML/TF. This role includes providing support and guidance to ZAM.IO Individuals to ensure that ML/TF risks are adequately managed. Responsibilities include:
    1. Developing and continuously reviewing ZAM.IO's AML compliance framework, including this Policy, to ensure it remains up-to-date, effective, and consistent with statutory and regulatory requirements.
    2. Playing an active role in the identification and reporting of suspicious transactions, including reviewing reports about Customers' failing CIP and maintaining records related to internal reviews of AML/CFT activities.
    3. Providing guidance on how to avoid “tipping off” if any disclosure is made.
    4. Acting as the main point of contact with law enforcement and any other competent authorities regarding ML/TF issues.
    5. Recording and filing SARs, CTRs, and performing an AML Policy audit at least annually.
  3. The LCO is responsible for ensuring that Company employees are fully aware of their legal obligations under the AML/CTF regime by introducing a comprehensive employee education and training program.
  4. The LCO is also responsible for performing an audit of this Policy at least annually and presenting the results to our CEO.

9. AML / KYC Policy changes

  1. The AML / CTF model described this Policy is a result of the work and experience of ZAM.IO AML team, so can be changed as the legal requirements of countries changes as well as a result of gaining new knowledge and experience. In particular transition, limits of an Account may change due to periodical audits and verification of efficiency of ZAM.IO and Third Parties' procedures about AML and CTF.
  2. ZAM.IO should keep Customers updated if any changes would influence them.

ZAM.IO senior management (CEO) has approved this Anti-Bribery and Corruption Policy in writing as reasonably designed to achieve and monitor our firm’s ongoing compliance with the requirements of the legal regulations.

This approval is indicated by the signature below:

Date: June 01, 2023

Signature:

/s/ Iliya Biniaminov

CEO: ILIYA BINIAMINOV