Anti-Money Laundering Policy

1. Introduction and Purpose

CODEGENIX LTD. ("Catalyst," "we," "our," or "us") is committed to preventing money laundering, terrorist financing, and other financial crimes. This Anti-Money Laundering (AML) Policy outlines our commitment to compliance with applicable laws and regulations.

This policy applies to all employees, contractors, and third parties acting on behalf of Catalyst. We are committed to:

• Complying with all applicable AML laws and regulations
• Implementing effective controls to detect and prevent financial crime
• Reporting suspicious activities to relevant authorities
• Maintaining appropriate records of customer transactions
• Providing ongoing training to our staff

2. Regulatory Framework

Our AML program is designed to comply with applicable laws and regulations, including but not limited to:

• The Money Laundering, Terrorist Financing and Transfer of Funds Regulations
• EU Anti-Money Laundering Directives (AMLD)
• Financial Action Task Force (FATF) Recommendations
• Local regulatory requirements in jurisdictions where we operate

We regularly review and update our policies to ensure continued compliance with evolving regulatory requirements.

3. Customer Due Diligence (CDD)

3.1 Know Your Customer (KYC)

We implement robust KYC procedures to verify the identity of our users:

• Collection of identification documents (government-issued ID, passport)
• Verification of address through utility bills or bank statements
• Verification against sanctions lists and PEP databases
• Ongoing monitoring of customer activity and periodic reviews

3.2 Verification Levels

We apply different levels of due diligence based on risk assessment:

• Basic: Required for all users - email verification and basic identity information
• Standard: Required for transactions above threshold - ID verification and proof of address
• Enhanced: Required for high-risk users or large transactions - additional documentation and source of funds verification

4. Risk Assessment

4.1 Risk-Based Approach

We adopt a risk-based approach to AML compliance, assessing risks based on:

• Customer Risk: Type of customer, geographic location, occupation, transaction patterns
• Product Risk: Nature of services used, payment methods, transaction volumes
• Geographic Risk: Country of residence, countries involved in transactions
• Channel Risk: Non-face-to-face relationships, online transactions

4.2 High-Risk Indicators

We apply enhanced scrutiny to users or transactions exhibiting high-risk indicators, including:

• Politically Exposed Persons (PEPs) and their associates
• Users from high-risk jurisdictions
• Unusual or complex transaction patterns
• Inconsistencies between stated purpose and actual activity

5. Transaction Monitoring

5.1 Monitoring Systems

We employ automated systems to monitor transactions for suspicious activity:

• Real-time transaction screening against sanctions lists
• Pattern recognition for unusual transaction behavior
• Threshold-based alerts for large transactions
• Velocity checks for rapid or frequent transactions

5.2 Red Flags

We investigate transactions that may indicate money laundering, including:

• Transactions with no apparent business purpose
• Structuring transactions to avoid reporting thresholds
• Rapid movement of funds through accounts
• Transactions inconsistent with customer profile
• Multiple accounts with similar patterns or linked activity

6. Suspicious Activity Reporting

6.1 Internal Reporting

All employees are required to report suspicious activities. Reports should be made promptly and include all relevant details.

6.2 External Reporting

Where required by law, we file Suspicious Activity Reports (SARs) with the relevant Financial Intelligence Unit (FIU). We maintain strict confidentiality regarding SAR filings and do not inform the subject of any report.

6.3 Tipping Off

It is a criminal offense to "tip off" any person that a SAR has been or may be filed. All employees are prohibited from disclosing any information related to suspicious activity investigations.

7. Sanctions Compliance

We screen all users and transactions against applicable sanctions lists, including:

• EU Consolidated Sanctions List
• UK HM Treasury Sanctions List
• US OFAC Specially Designated Nationals List
• UN Security Council Consolidated List

We do not provide services to sanctioned individuals, entities, or countries, and will freeze accounts and report matches to relevant authorities.

8. Record Keeping

We maintain comprehensive records as required by law:

• Customer identification and verification documents: minimum 5 years after relationship ends
• Transaction records: minimum 5 years from date of transaction
• Internal suspicious activity reports: minimum 5 years
• Training records: minimum 5 years

Records are stored securely and made available to regulatory authorities upon request.

9. Training and Awareness

We provide comprehensive AML training to all relevant staff:

• Initial training upon hiring
• Annual refresher training
• Updates on regulatory changes and new typologies
• Role-specific training for high-risk functions

10. Governance and Oversight

10.1 Independent Review

Our AML program is subject to regular independent review to ensure effectiveness and compliance. Findings are reported to senior management with recommendations for improvement.

11. User Obligations

By using our platform, users agree to:

• Provide accurate and complete identification information
• Update information promptly if it changes
• Not use the platform for any illegal purpose
• Cooperate with our verification and monitoring procedures
• Not structure transactions to evade reporting requirements

12. Consequences of Non-Compliance

Failure to comply with this policy or applicable AML laws may result in:

• Account suspension or termination
• Freezing of funds
• Reporting to law enforcement authorities
• Civil or criminal penalties

13. Policy Updates

This policy is reviewed annually and updated as necessary to reflect changes in regulations, business operations, or risk assessment. Material changes will be communicated to users through our platform.