AML KYC POLICY

1. Introduction and Statement of Policy

Quick Collect Inc. (“Quick Collect”) is unwavering in its commitment to global financial integrity. Money laundering, terrorist financing, and illicit financial activities threaten economic stability and security. As a leader in financial services, Quick Collect adheres to the highest ethical standards, ensuring compliance with international and jurisdictional regulations. Non-compliance risks severe penalties, including fines, reputational damage, and loss of operational licenses. This Policy underscores our dedication to safeguarding stakeholders and maintaining trust through robust frameworks aligned with:

  • FATF Recommendations: Adoption of a risk-based approach (RBA) to prioritize resources.
  • Global Regulations: Tailored procedures for jurisdictions (e.g., EU AMLD VI for crypto asset transparency).
  • Ethical Practices: Zero tolerance for complicity in financial crime, enforced through rigorous internal controls.

2. Scope and Applicability

This Policy applies to:

  • All Services: Digital payments, cross-border transfers, cryptocurrency exchanges, and merchant services.
  • Stakeholders: Employees, contractors, agents, subsidiaries, and third-party vendors.
  • Transactions: Fiat and virtual currency transactions, peer-to-peer transfers, and bulk payments.

3. Definitions (Expanded)

  • Structuring/Smurfing: Intentional splitting of transactions to evade reporting thresholds.
  • Beneficial Owner: Natural person(s) exercising control over a legal entity, directly/indirectly.
  • Sanctions: Legal restrictions imposed by authorities (e.g., OFAC, UN) against countries, entities, or individuals.
  • De-Risking: Termination of high-risk relationships to mitigate AML exposure.

4. Governance and Oversight

4.1 Board of Directors

  • Approves annual AML budgets and high-risk strategies.
  • Reviews biannual risk assessment reports.

4.2 Chief Compliance Officer (CCO)/MLRO

  • Authority: Halts transactions pending investigation.
  • Escalation Paths: Direct reporting to the Board for critical issues.
  • Risk Assessment: Quarterly reviews of jurisdictional risks (e.g., FATF blacklist updates).

4.3 Compliance Committee

Cross-departmental team (Legal, IT, Operations) overseeing policy implementation.

5. Enhanced Customer Due Diligence (CDD) and KYC

5.1 Standard Due Diligence (SDD)

  • Individuals:
    • Biometric Verification: Liveness detection via real-time selfies.
    • Document Checks: AI-powered validation of IDs against global databases.
  • Businesses:
    • UBO Disclosure: Ownership charts for entities with ≥25% stakes.
    • Purpose of Account: Documentation of expected transaction types/volumes.

5.2 Enhanced Due Diligence (EDD)

  • High-Risk Categories:
    • PEPs: Senior management approval and annual re-screening.
    • Jurisdictions: Enhanced monitoring for FATF grey-listed countries (e.g., Myanmar, Syria).
    • Sectors: Crypto exchanges, gambling, and non-profit organizations.
  • Measures:
    • Source of Funds: Bank statements, investment records, or business revenue proofs.
    • Ongoing Monitoring: Algorithmic behavioral analysis for deviations.

6. Transaction Monitoring and Reporting

  • Systems: AI-driven tools flagging:
    • Threshold Crossings: Single/multiple transactions ≥$10,000 (adjusted per jurisdiction).
    • Patterns: Rapid cross-jurisdictional transfers or inconsistent account activity.
  • Process:
    1. Alert Generation: Automated system flags.
    2. Triage: Compliance team reviews within 24 hours.
    3. Investigation: MLRO-led inquiry with documentation.
    4. Reporting: STRs filed within 30 days to FINTRAC, AUSTRAC, or FIU counterparts.

7. Sanctions and PEP Screening

  • Tools: Real-time screening via Dow Jones RiskCenter/World-Check.
  • Procedures:
    • Name Matches: Fuzzy logic for aliases (e.g., “Mohamed” vs. “Muhamad”).
    • Resolution: Escalation to CCO for false positives/positives.
  • Actions: Immediate account freeze and regulatory notification for confirmed matches.

8. Recordkeeping and Data Protection

  • Storage: Encrypted cloud databases with ISO 27001 certification.
  • Retention:
    • KYC Records: 7 years post-account closure.
    • Transaction Data: 10 years for cross-border transfers.
  • GDPR Compliance: Right to erasure balanced against regulatory obligations.

9. Employee Training and Culture

  • Curriculum:
    • Frontline Staff: Red flag recognition (e.g., mismatched IDs, inconsistent behavior).
    • Compliance Team: Advanced forensic accounting techniques.
  • Methods: Annual e-learning modules, quarterly workshops, and phishing simulations.
  • Whistleblower Protections: Anonymous reporting via SecureLine (third-party portal).

10. Third-Party Risk Management

  • Due Diligence:
    • Vendor Assessments: Annual reviews using standardized risk scores.
    • Contracts: AML clauses with audit rights and penalty provisions.
  • Monitoring: Surprise audits for high-risk agents (e.g., MSBs).

11. Internal Audits and Independent Reviews

  • Frequency:
    • Internal: Quarterly by Compliance Committee.
    • External: Biannual by PwC/KPMG.
  • Reporting: Findings disclosed to regulators and board within 14 days.

12. Customer Risk Categorization

  • Tiers:
    • Low: Salaried individuals with domestic transactions.
    • Medium: SMEs with international suppliers.
    • High: Crypto traders/PEPs.
  • Review: Annual re-categorization based on activity.

13. Regional Addendums

  • EU: Adherence to GDPR and 6AMLD (cybercrime inclusion).
  • US: OFAC compliance and FinCEN CTRs for cash transactions ≥$10,000.
  • APAC: AUSTRAC enrollment for real-time reporting.

14. Incident Management

  • Breach Response:
    1. Immediate account suspension.
    2. 72-hour regulatory notification (per GDPR).
    3. Post-incident review to update controls.

15. Appendices

  • Appendix A: STR Template (FINTRAC-compliant).
  • Appendix B: CDD Checklist for Corporate Clients.
  • Appendix C: FATF High-Risk Jurisdictions (2025 Update).

Approval and Review

This Policy, approved by the Board on March 3, 2025, is reviewed biannually. Amendments require CCO and Legal sign-off.

Contact

Compliance Hotline: +1-416-817-8648 (24/7)

Whistleblower Portal: secure.quickcollects.com/report