Anti-Money-Laundering Policy

1. Policy Statement

Mando Network Limited is committed to the highest standards of anti-money-laundering ("AML") and counter-terrorist-financing ("CTF") compliance. We recognise that the effectiveness of the financial system as a whole depends on every participant refusing to facilitate criminal funds. We take our responsibilities under the UK legal and regulatory regime extremely seriously. This policy sets out the framework, governance, controls, procedures and training we use to prevent, detect and report money laundering, terrorist financing, proliferation financing and sanctions breaches.

2. Legal and regulatory framework

Our programme is designed to meet the requirements of the following UK legal instruments and international standards:

• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ("MLR 2017"), as amended in 2019, 2020 and 2022.
• The Proceeds of Crime Act 2002 ("POCA 2002"), in particular sections 327 to 342 establishing the principal money-laundering offences and the suspicious-activity-report regime.
• The Terrorism Act 2000, in particular sections 15 to 23 and 38B, and the Anti-Terrorism, Crime and Security Act 2001.
• The Sanctions and Anti-Money Laundering Act 2018 and the financial-sanctions regulations made under it by HM Treasury, administered by the Office of Financial Sanctions Implementation (OFSI).
• The Criminal Finances Act 2017, establishing the corporate offence of failure to prevent the facilitation of tax evasion.
• The Economic Crime (Transparency and Enforcement) Act 2022.
• FCA Handbook SYSC 6.3 (Financial Crime Systems and Controls) and the FCA Financial Crime Guide.
• JMLSG Guidance — the Joint Money Laundering Steering Group guidance, which we treat as the primary source of practical interpretation.
• The FATF Recommendations, as reflected in UK law.

3. Governance

The Board of Mando Network Limited has ultimate responsibility for compliance with our AML obligations and for approving this policy. Day-to-day responsibility is delegated to the Money Laundering Reporting Officer ("MLRO") and the Nominated Officer, both appointed under Regulation 21 of MLR 2017. The MLRO has direct reporting access to the Board, full and unrestricted access to all customer and transaction data, an annual budget for training and compliance tooling, and a written mandate protecting their independence. The MLRO submits a written annual report to the Board covering the effectiveness of the programme, the volume and disposition of suspicious activity reports, sanctions hits, training completion rates, and remediation priorities.

4. Risk-based approach

As required by Regulation 18 of MLR 2017, we conduct a written business-wide risk assessment identifying and evaluating the money-laundering and terrorist-financing risks to which we are exposed, taking account of: (a) customer type and residence; (b) product and service characteristics; (c) delivery channel; (d) geographic exposure; and (e) transaction type. The risk assessment is reviewed at least annually and whenever a material change in our business occurs. Our customer due diligence, monitoring and reporting procedures are calibrated to the risk level assigned to each customer and each transaction.

5. Customer due diligence

Before opening any account we carry out customer due diligence ("CDD") as required by Regulations 27 to 33 of MLR 2017. CDD consists of:

• Identification — collection of the customer's full legal name, date of birth, nationality, and residential address.
• Verification — confirmation of identity from a government-issued photo document (passport, UK driving licence, national identity card) matched in real time against a liveness-verified selfie, supplemented where required by electronic verification against authoritative data sources.
• Beneficial ownership (for businesses) — identification and verification of any individual owning or controlling 25 percent or more of the entity, verification against the Companies House register and the Persons of Significant Control register.
• Purpose and nature of the relationship — collection of a nature-of-business statement and expected account activity profile.
• Source of funds and source of wealth — collected where risk indicators warrant it, in particular for higher-risk customers or unusually large transactions.
• PEP and sanctions screening — see section 6.

Simplified due diligence is applied only where permitted by Regulation 37 and where the business-wide risk assessment supports it. Enhanced due diligence is applied under Regulation 33 in all high-risk situations including any relationship involving a high-risk third country, any PEP relationship, any complex or unusually large transaction, and any relationship with no apparent economic or lawful purpose.

6. Sanctions and PEP screening

Every applicant and every existing customer is screened in real time against the following lists, and re-screened daily to catch newly added entries:

• The HM Treasury / OFSI consolidated list of financial sanctions targets (UK sanctions regime).
• The UK National Counter-Terrorism Security Office list.
• The UN Security Council Consolidated List.
• The EU consolidated list.
• The US Office of Foreign Assets Control (OFAC) Specially Designated Nationals list.
• Adverse media and law-enforcement published lists.
• Worldwide PEP databases aggregated from authoritative sources.

Any true positive match is automatically frozen and escalated to the MLRO within 24 hours. We will not knowingly deal with, make funds available to, or otherwise benefit a designated person, in line with our obligations under the UK sanctions regime. Attempted breaches are reported to OFSI as required.

7. Ongoing monitoring

Customer activity is monitored on a continuing basis in accordance with Regulation 28(11). Our monitoring engine applies the following controls, calibrated by risk band:

• Velocity rules — alerts on unusual transaction counts or values over rolling windows.
• Deviation from profile — alerts when activity diverges from the expected profile recorded at onboarding.
• Structuring detection — alerts on patterns consistent with deliberate avoidance of reporting thresholds.
• Geographic risk scoring — every transaction is scored against a continually updated geographic risk matrix derived from FATF, HM Treasury and OFSI lists.
• Counterparty screening — every sending and receiving counterparty is screened in real time.
• Chargeback pattern detection — card-scheme chargebacks are scored for indicators of friendly fraud, merchant fraud or first-party misuse.
• Network analysis — alerts on connections between customers that suggest a coordinated ring.

Alerts are triaged by our Compliance team. Confirmed or reasonably suspected activity is escalated to the MLRO for a section 330 internal disclosure decision.

8. Suspicious activity reporting

Where the MLRO has knowledge, suspicion, or reasonable grounds for knowing or suspecting that a customer is engaged in money laundering or terrorist financing, a Suspicious Activity Report ("SAR") is submitted to the UK Financial Intelligence Unit at the National Crime Agency in accordance with section 330 of POCA 2002 and section 21A of the Terrorism Act 2000. Where funds are held in the affected account the MLRO will seek a Defence Against Money Laundering ("DAML") before executing any onward payment, pausing the account for the statutory moratorium period if necessary. We operate strict tipping-off controls under section 333A of POCA 2002 — under no circumstances will a customer be informed that a SAR has been made about them.

9. Record keeping

Under Regulation 40 of MLR 2017 we retain:

• copies of identity documents and verification records for five years from the end of the customer relationship;
• transaction records sufficient to reconstruct any individual transaction for five years from the date of the transaction;
• SARs, MLRO case files, internal disclosures and correspondence with the UK Financial Intelligence Unit — indefinitely, or for five years from the last related event, whichever is longer;
• training records and risk assessments — for the lifetime of the firm plus five years.

All records are stored encrypted at rest and are available on demand to the FCA, HMRC or any other supervisory authority.

10. Training

Every member of staff who comes into contact with customers, transactions, or the compliance programme itself receives mandatory AML and CTF training on induction and at least annually thereafter. Training is role-based — front-line staff receive a different package from developers, finance, and senior management. Training completion is tracked and non-completion is escalated. The MLRO and the Nominated Officer attend external AML training to meet their continuing professional development obligations.

11. Tax evasion facilitation

Under the Criminal Finances Act 2017 we maintain reasonable prevention procedures to protect against the corporate offence of failure to prevent the facilitation of UK or foreign tax evasion. These procedures include staff training, customer due diligence, transaction monitoring calibrated for tax-evasion typologies, and contractual protections in our third-party agreements.

12. Whistleblowing

Any member of staff or any customer who suspects that Mando, a member of its staff or a customer is involved in money laundering, terrorist financing, sanctions breaches, tax-evasion facilitation or any other financial crime may report the concern in confidence to the MLRO at mlro@mando.network, or directly to the FCA whistleblowing line at fca.org.uk/firms/whistleblowing. UK law protects whistleblowers against retaliation under the Public Interest Disclosure Act 1998.

13. Cooperation with authorities

We cooperate fully and promptly with all lawful requests from the FCA, HMRC, the National Crime Agency, the Serious Fraud Office, OFSI, the police, the courts, and any other UK authority with jurisdiction. Production orders, account freezing orders, and disclosure orders are handled by the MLRO in consultation with external legal counsel.

14. Review

This policy is reviewed at least annually by the MLRO and approved by the Board. Material changes in law, regulation, guidance or the business-wide risk assessment trigger an out-of-cycle review. The current version of this policy is always published on this page.

15. Contact

Money Laundering Reporting Officer: mlro@mando.network
Compliance team: compliance@mando.network