Anti-money Laundering Policy

1. Purpose and Scope

Nbajee maintains an anti-money laundering (AML) program designed to prevent the use of its services for money laundering, terrorist financing, or other criminal activity. This policy applies to the Nbajee brand, its employees, contractors, agents, and all customer accounts and transactions conducted through Nbajee platforms or systems.

2. Governance and Compliance Oversight

Nbajee designates a Money Laundering Reporting Officer (MLRO) who has sole responsibility for the AML program. The MLRO is empowered to develop, implement, and maintain policies, procedures, and internal controls; oversee training; approve risk-based customer due diligence; and coordinate monitoring and escalation activities. The MLRO reports to senior management and, where required by law, to the appropriate regulatory or supervisory authority.

3. Customer Due Diligence and Know Your Customer (KYC)

Nbajee applies a risk-based approach to customer due diligence. Actions are proportionate to risk, with enhanced measures for higher risk clients and products. The following elements are implemented at onboarding and maintained throughout the customer relationship.

• 3.1 Identity Verification – Nbajee collects minimum identifying information at account creation and conducts verification prior to processing payments in excess of USD 2,000 (per transaction or cumulative within a single session). Accounts are not opened or maintained with anonymous identifiers or fictitious names. Required data include the customer’s legal name, date of birth, country of residence, contact details (email and phone), payment instrument details, user credentials, IP address, and device information. Documents to verify identity may include a government-issued identity document (passport, national ID, or driver's license) and proof of address (recent utility bill or bank statement, issued within the last three months). Nbajee may supplement documentary evidence with independent verification via reputable data sources or dedicated verification platforms. Any ambiguity triggers escalation to the MLRO for review and possible additional verification.
• 3.2 Beneficial Ownership and Control – Nbajee identifies the true natural persons who ultimately own or control the customer and updates ownership information promptly upon material changes. If ownership cannot be established, Nbajee may refuse to open or may close the account.
• 3.3 Prohibited Jurisdictions, Sanctions, and PEPs – Nbajee screens customers against applicable sanctions and embargo lists. Accounts associated with sanctioned individuals or entities are immediately frozen and, where appropriate, closed. Politically Exposed Persons (PEPs) receive enhanced due diligence at onboarding and on an ongoing basis, with additional documentation and heightened monitoring as warranted by risk assessment.
• 3.4 Ongoing KYC and Risk Reassessment – Nbajee maintains a dynamic risk profile for each customer. High-risk customers undergo periodic reviews, with updates triggered by material adverse information, changes in customer activity, or regulatory guidance. If risk increases, additional verification may be required and documented.

4. Continuous Transaction Monitoring and Enhanced Due Diligence

Nbajee maintains ongoing monitoring of customer activity to identify and mitigate money laundering and terrorism financing risks. Monitoring comprises automated systems and manual review by qualified staff.

• 4.1 Transaction Monitoring – All activity is continuously monitored. A record of all transactions exceeding USD 1,000 is generated daily with relevant identifiers and contextual details for review.
• 4.2 Source of Funds and Payment Methods – Nbajee accepts only electronic, traceable payment methods approved by Nbajee and applicable regulators. Cash deposits are prohibited. Funds are returned to the originating payment channel where feasible; transfers between customer accounts or to third parties are prohibited unless explicitly sanctioned or compliant with regulatory requirements.
• 4.3 Red Flags and Thresholds – Red flags include, but are not limited to, deposits followed by immediate withdrawals without clear economic purpose, high-risk geography activity without justification, numerous changes of payment methods, or inconsistent identification data. When a red flag is identified, the MLRO and Transaction Monitoring Team initiate further due diligence or escalation as appropriate.
• 4.4 Record Keeping – Verification records, transaction data, and related communications are retained in accordance with applicable data protection laws and Nbajee policy for no less than five years after account closure or longer if required by law.

5. Reporting, Escalation, and Cooperation with Authorities

Nbajee maintains procedures for internal reporting and external cooperation as required by law. If suspicious activity or potential breaches are identified, employees must promptly notify the MLRO. The MLRO will determine whether a Suspicious Activity Report (SAR) or equivalent notification is required and will file with the competent authorities in accordance with applicable regulations. Nbajee cooperates with law enforcement and financial intelligence units, including the timely provision of information consistent with legal and regulatory allowances.

6. Training and Awareness

Nbajee provides ongoing AML training to all staff under the direction of the MLRO and the compliance team. Training occurs at least once per calendar year and is updated to reflect regulatory changes, typologies, and procedural updates. Training contents include red flags, escalation procedures, roles and responsibilities, and record-keeping obligations.

7. Data Protection, Privacy, and Record Retention

Nbajee processes personal data solely for AML compliance and service provision. Data handling complies with applicable data protection laws, and access to personal data is restricted to authorized personnel. Personal data retention aligns with legal and regulatory requirements; in all cases, Nbajee retains records for a minimum period of five years after account closure and longer where required by law or regulator guidance.

8. Policy Review and Audit

Nbajee reviews this AML policy at least annually and after any material regulatory or business change. The MLRO provides an annual report to senior management detailing program effectiveness, identified gaps, and action plans. Independent audits may be conducted to assess compliance and controls and to verify adherence to regulatory requirements.

9. Definitions

For the purposes of this policy, the following terms have the meanings set forth below: Money laundering means the process of concealing the origins of illegally obtained funds through a sequence of transactions or other arrangements. Enhanced Due Diligence (EDD) refers to heightened scrutiny applied to higher-risk customers or transactions. Customer Due Diligence (CDD) is the standard set of checks applied to verify identity and assess risk. Know Your Customer (KYC) is the process of verifying the identity of customers and assessing their risk profile. Politically Exposed Persons (PEPs) are individuals entrusted with prominent public functions and their immediate families, who require enhanced monitoring and screening.