ANTI-MONEY LAUNDERING (AML) POLICY

LOTUS INFORMATION TECHNOLOGIES LTD Last Updated: Monday, April 29, 2025

1. Purpose

This AML Policy outlines the commitment of LOTUS INFORMATION TECHNOLOGIES LTD ("the Company") to detect, prevent, and report money laundering and terrorism financing activities in accordance with the UK Money Laundering Regulations 2017, the Proceeds of Crime Act 2002, and guidance provided by the Financial Conduct Authority (FCA).

2. Scope

This policy applies to all products, services, customers, employees, and business operations of the Company, including the operation of our fintech platform and cryptocurrency wallet services.

3. AML Compliance Officer

We designate an AML Compliance Officer (MLRO) responsible for:

• Overseeing the Company’s AML compliance program

• Receiving and investigating internal suspicious activity reports (SARs)

• Filing SARs with the National Crime Agency (NCA)

• Training staff and reviewing AML policies regularly

4. Customer Due Diligence (CDD)

We implement risk-based CDD for all customers:

• Standard CDD for regular users

• Enhanced Due Diligence (EDD) for high-risk users, including:

  • Politically Exposed Persons (PEPs)

  • Users from high-risk jurisdictions

  • Transactions above defined thresholds

CDD Process includes:

• Identity verification (name, address, DOB)

• Document collection (passport, utility bills, etc.)

• Liveness checks and biometric verification

• Ongoing monitoring

5. Know Your Customer (KYC)

We collect and verify user data via reliable, independent sources. Our KYC checks include:

• Name matching against global sanctions lists (e.g., OFAC, UN)

• Proof of address

• Source of funds and wealth when required

6. Ongoing Monitoring

We monitor customer transactions for:

• Large or unusual transfers

• Rapid movement of funds across wallets

• Use of mixing services or privacy coins (e.g., Monero)

• Layering or other suspicious behaviors

Flagged transactions are reviewed manually and may trigger a SAR.

7. Suspicious Activity Reporting (SAR)

If suspicious activity is identified, the AML Officer will:

1. Document the transaction details

2. Evaluate the suspicion internally

3. Submit a SAR to the NCA (UK) using the SAR Online system

Important: Staff are prohibited from "tipping off" the customer under UK law.

8. Record Keeping

We retain the following records for at least 5 years:

• KYC documents and verifications

• Transaction logs

• SARs and internal communications

• AML training records

9. Staff Training

All employees undergo mandatory AML training:

• At onboarding

• Annually

• Whenever regulations or internal procedures change

10. Risk Assessment

We maintain a documented, risk-based approach that considers:

• Customer type

• Transaction type and size

• Delivery channel (e.g., mobile app, web)

• Jurisdiction

Our risk assessment framework is reviewed and updated periodically.

11. Independent Audit

We commission periodic, independent audits of our AML program to ensure compliance with UK laws and internal standards.