AML Policy

1. Purpose and Scope

This AML/CFT Policy applies to all of Pyzando's activities, all employees, subcontractors, and business partners. It defines the procedures, controls, and mechanisms implemented by Pyzando to detect, prevent, and report attempts at money laundering and terrorist financing.

2. Legal and Regulatory Framework

Pyzando operates in compliance with the following legal and regulatory texts:

• Law n°04/016 of July 19, 2004 on combating money laundering and terrorist financing (DRC);
• Decree-Law n°002 of January 6, 2000 on economic offenses;
• Instruction No. 17 governing electronic money in the DRC;
• Regulation No. 01 on payment systems and settlement;
• UN Security Council Resolutions (notably 1267, 1373, 1540 and successive resolutions) on the freezing of assets of persons and entities linked to terrorism;
• FATF Recommendations — 40 Recommendations on combating money laundering and terrorist financing;
• Sanctions lists of OFAC (Office of Foreign Assets Control — USA), the European Union Council, and the United Nations.

3. AML/CFT Compliance Officer

Pyzando has appointed an AML/CFT Compliance Officer responsible for:

• Overseeing the implementation of this policy;
• Ensuring staff training on AML/CFT obligations;
• Continuously assessing money laundering and terrorist financing risks;
• Deciding on suspicious transaction reports to CENAREF;
• Keeping internal procedures and watch lists up to date.

Contact: contact@pyzando.com

4. Risk-Based Approach (RBA)

Pyzando adopts a Risk-Based Approach (RBA) in accordance with FATF Recommendations. Customers and transactions are classified according to their risk level:

4.1 Risk Factors Assessed

• Customer risk: legal nature (individual / legal entity), sector of activity, country of origin, Politically Exposed Person (PEP) status;
• Geographic risk: transactions involving high-risk jurisdictions identified by FATF or embargoed countries;
• Product/service risk: high amounts, unusual frequency, cross-border transactions;
• Channel risk: fully online transactions with no physical contact.

4.2 Risk Levels

5. Customer Due Diligence (CDD / KYC) Procedures

5.1 Standard Due Diligence (CDD)

For all customers, Pyzando performs:

• Customer identification and identity verification (national ID, passport);
• Mobile phone number verification;
• Collection of information on the nature and purpose of the business relationship;
• Regular updating of customer information.

5.2 Enhanced Due Diligence (EDD)

Enhanced due diligence is mandatory for:

• Politically Exposed Persons (PEPs): heads of state, ministers, members of parliament, senior officials, directors of state-owned enterprises, and their close associates;
• Customers residing in or conducting transactions to countries identified by FATF as having strategic AML/CFT deficiencies;
• Transactions exceeding regulatory reporting thresholds;
• Any situation presenting high-risk factors identified during initial or ongoing assessment.

EDD includes: identification of beneficial owners, proof of source of funds, management approval, enhanced ongoing monitoring.

5.3 Beneficial Owner Identification

For legal entities, Pyzando identifies and verifies beneficial owners (natural persons directly or indirectly holding more than 25% of the capital or voting rights, or exercising effective control over the structure).

6. Transaction Monitoring

Pyzando implements automated systems and manual controls for transaction monitoring to detect suspicious behavior. Monitored indicators include:

• Structured transactions (structuring) aimed at circumventing reporting thresholds;
• Transactions of an unusually high amount relative to the customer's profile;
• Abnormally high frequency of transactions over a short period;
• Transactions to or from sanctioned or high-risk countries;
• Withdrawal destinations inconsistent with the merchant's profile;
• Abnormal connection or access attempts (indicator of account compromise);
• Transactions involving phone numbers flagged as fraudulent.

Monitoring thresholds are defined and regularly updated by the Compliance Officer in accordance with the evolution of money laundering techniques.

7. Suspicious Transaction Reporting to CENAREF

In accordance with Articles 21 to 24 of Law n°04/016 of July 19, 2004, Pyzando is required to report without delay to the CENAREF (National Financial Intelligence Unit of the DRC) any suspicious transaction or fact of which it becomes aware that may be linked to money laundering or terrorist financing.

Suspicious transaction reports are filed by the Compliance Officer without informing the relevant customer (non-disclosure / anti-tipping-off obligation). Pyzando and its collaborators benefit from the legal immunity provided by law for reports made in good faith.

8. Sanctions Screening

Pyzando systematically screens all customers (at registration and on an ongoing basis) and transaction counterparties against the following sanctions lists:

• UN Consolidated Sanctions List;
• OFAC SDN list (Specially Designated Nationals);
• European Union sanctions list;
• Relevant national sanctions lists.

Any match with a sanctioned person or entity results in the immediate freezing of the account and funds, and a report to competent authorities.

9. Record Keeping

In accordance with Law n°04/016 and FATF Recommendations, Pyzando retains:

• KYC identification documents: at least 5 years after the end of the business relationship;
• Transaction records: at least 5 years after the transaction date;
• Suspicious transaction reports and internal investigation files: at least 5 years;
• Monitoring and audit logs: 5 years.

These documents will be made available to competent authorities (CENAREF, judicial and regulatory authorities) upon request and within the required legal time frames.

10. Staff Training

All Pyzando collaborators receive training on AML/CFT obligations, including:

• Awareness of money laundering typologies and terrorist financing techniques;
• Procedures for identifying suspicious customers;
• Internal alert escalation procedure;
• Non-disclosure obligation (anti-tipping-off);
• Penalties applicable in case of non-compliance.

This training is provided at onboarding and updated at least once a year, or whenever there is a material change to applicable regulations.

11. Excluded Activities and Customers

Pyzando categorically refuses to enter into a relationship with and immediately terminates any existing relationship with the following customers and activities:

• Any person or entity appearing on an international or national sanctions list;
• Money laundering and terrorist financing activities;
• Trafficking in drugs, firearms, persons, organs, or protected species;
• Illegal trade in natural resources (gold, coltan, diamonds, etc.) outside official channels;
• Correspondent banking services for shell banks;
• Unlicensed casinos and gambling;
• Unregulated corporate service providers used to conceal true ownership;
• Any activity prohibited by Congolese law or international conventions ratified by the DRC.

12. Audit and Policy Review

This policy is subject to annual review by the Compliance Officer. It is also revised in the event of a change to applicable regulations or the identification of significant new risks. Internal audits and, where appropriate, independent external audits are conducted to verify the effectiveness of AML/CFT controls.

13. Reporting Channels

Any person with knowledge of suspicious activity involving the Pyzando platform is invited to report it via:

• Email: contact@pyzando.com (confidential reporting line);
• In the event of an emergency or known criminal activity: directly to CENAREF (National Financial Intelligence Unit of the DRC) or competent judicial authorities.

14. Contact