Legal Document | Terms & Conditions

Terms & Conditions

1. OVERVIEW

This document provides a set of rules and processes to be followed when conducting Investment Dealer activities in our company. Investment Dealer plays a crucial role in our business as it involves acting as a middleman between buyers and sellers of financial instruments. To maintain the highest level of trust and dependability in our services, we must follow the highest standards of ethics, transparency, and accountability. The main goal of this policy is to ensure that all employees involved in Investment Dealer activities have a clear understanding of our expectations and responsibilities. It creates a framework for managing and monitoring risks associated with these activities and applies to all employees, regardless of their role or seniority level. This policy covers various essential areas such as defining the scope of Investment Dealer, outlining the roles and responsibilities of top management and employees involved in Investment Dealer activities, setting procedures for handling client orders and transactions, managing conflicts of interest, and monitoring and reporting key performance indicators and risk metrics. By following the guidelines and procedures set forth in this policy, we can guarantee that our Investment Dealer activities are conducted ethically, professionally, and in compliance with applicable regulations. All employees must read and understand this policy and comply with its provisions. Not following the policy may result in disciplinary action, including termination of employment.

2. OPTIMIZING RESOURCES

The Company takes responsibility for ensuring that it maintains the necessary incorporation and licensing to provide its services, and that any individuals employed or appointed to assist in service delivery are fit and proper, and duly licensed or registered as required. When considering expansion into new markets, the Company will conduct comprehensive legal research to assess the legality of its services, and will seek the advice of external legal counsel to verify compliance with regulations and to resolve any uncertainties

The Company will make sure to optimize the resources but in line with regulation but not limited with the followings:

• The Company must have sufficient financial, human, and technical resources in line with applicable laws to perform its duties and services properly. The Company will only appoint competent and experienced personnel to carry out its activities.
• The Company must have a physical business in Mauritius to comply with local regulations, including tax requirements, and to implement effective control principles.
• The Company must have adequate risk management procedures to regulate risk management activities. The procedures must establish positions for a risk manager and a risk management committee consisting of a director, the risk manager, and any other relevant employee who may be invited to join the committee from time to time.
• The Company must also have satisfactory IT/cybersecurity procedures to manage and control risks related to IT/cybersecurity. The procedures must include a Chief Technology Officer to oversee the management of IT/cybersecurity risks.
• These measures are necessary to ensure that the Company operates in compliance with applicable laws and regulations, manages risks effectively, and safeguards its operations against cyber threats.

3. ORGANISATIONAL VALUES

In addition to any other duties and obligations imposed upon by the Company, any officers appointed will always:

• Diligence: taking pride in their work and striving for excellence
• Reliability: being dependable and following through on commitments made to clients, colleagues, and supervisors
• Teamwork: working collaboratively and respectfully with colleagues towards shared goals
• Flexibility: adapting to changing circumstances and being open to new ideas and perspectives
• Initiative: taking proactive steps to solve problems, address challenges, and identify opportunities for improvement
• Professional development: committing to ongoing learning and development to enhance their skills and advance their career
• Accountability: taking ownership of their actions and decisions, and being willing to accept feedback and learn from mistakes
• Adaptability: being open to change and willing to embrace new technologies, tools, and approaches to work
• Customer service: being responsive and attentive to the needs and concerns of clients and customers
• Ethical behavior: upholding ethical principles and professional standards in all aspects of their work, including confidentiality, honesty, and integrity.
• Empowerment: empowering others through effective communication, mentoring, and coaching
• Innovation: embracing creativity and innovative thinking to drive positive change and growth
• Cultural competence: respecting and valuing diversity, and being sensitive to the cultural differences and needs of others
• Service orientation: being committed to serving others and making a positive impact in the world
• Positive attitude: maintaining a positive and optimistic attitude, even in challenging situations
• Humility: acknowledging one's limitations and being open to learning from others
• Emotional intelligence: being aware of and managing one's own emotions, as well as being sensitive to the emotions of others
• Work-life balance: achieving a healthy balance between work and personal life to maintain well-being and productivity
• Sustainability: being conscious of the impact of one's work on the environment and striving to promote sustainability in all aspects of work
• Courage: having the courage to speak up, challenge the status quo, and take risks to drive positive change.

4. ORGANISATIONAL STRUCTURE ROLES AND RESPONSIBILITES

Our company recognizes the importance of establishing a clear and effective organizational structure to ensure that our business operations are conducted efficiently and effectively. This policy outlines the roles, responsibilities, and reporting lines for each position within our organization, including the key functions and departments that make up our company. By adhering to this policy, we can ensure that each employee understands their role in achieving our organizational goals and objectives, and that we maintain a strong culture of accountability and collaboration across all levels of the organization. This also applies to all employees, regardless of their role or level of seniority, and it is the responsibility of each employee to familiarize themselves with this policy and to comply with the roles and responsibilities outlined herein. The policy covers key areas such as the company's mission and vision, reporting lines and communication channels, decision-making processes, and the allocation of resources and responsibilities. Through this policy, we aim to establish a clear and effective organizational structure that promotes transparency, accountability, and collaboration, and enables us to achieve our strategic objectives and meet the needs of our stakeholders.

Organisational Roles and Responsibilities
Directors

• Governance and Oversight: The Director is responsible for providing strategic guidance and direction to the company, ensuring that it operates in compliance with legal and regulatory requirements, and overseeing the management of risks and opportunities.
• Leadership and Management: The Director is responsible for setting the tone for the organization, establishing a strong culture of ethical behavior and accountability, and providing effective leadership and management to the company's employees and other stakeholders.
• Financial Oversight: The Director is responsible for overseeing the company's financial performance, ensuring that the company maintains sound financial practices, and approving budgets and financial plans.
• Stakeholder Engagement: The Director is responsible for building and maintaining relationships with key stakeholders, including clients, investors, regulatory bodies, and other industry participants.
• Business Development: The Director is responsible for identifying and pursuing business development opportunities, including new markets, products, and services, and ensuring that the company maintains a competitive edge in the industry.
• Compliance and Risk Management: The Director is responsible for ensuring that the company complies with all relevant laws, regulations, and industry standards, and that effective risk management processes are in place to mitigate potential risks and threats to the business.
• Board Governance and Administration: The Director is responsible for facilitating effective board governance, ensuring that board meetings are conducted efficiently and effectively, and overseeing the administration of the board, including board member selection and appointment processes.

Chief Executive Officer (“CEO”)

• The CEO is responsible for providing leadership and setting the strategic direction for the company, ensuring that it stays focused on its mission and objectives.
• The CEO is responsible for managing relationships with key stakeholders, including clients, investors, regulatory bodies, and other industry participants, and for representing the company to external parties.
• The CEO is responsible for managing the company's financial performance, including revenue growth, profitability, and cost management.
• The CEO is responsible for overseeing the company's risk management policies and procedures, and for ensuring that the company maintains a strong risk management culture.
• The CEO is responsible for overseeing the company's human resources policies and procedures, including recruitment, training, performance management, and employee engagement.
• The CEO is responsible for identifying and pursuing business development opportunities, including new markets, products, and services, and for ensuring that the company maintains a competitive edge in the industry.
• The CEO is responsible for ensuring that the company complies with all relevant laws, regulations, and industry standards, and for maintaining a strong relationship with regulatory bodies. Operation Manager (“OM”)

Operation Manager (“OM”)

• The OM is responsible for managing the day-to-day operations of the company, ensuring that all operational functions are running efficiently and effectively.
• The OM is responsible for identifying areas for process improvement within the company and implementing strategies to optimize operations and enhance efficiency.
• The OM may work closely with the CEO and CFO to manage the company's financial performance, including budgeting, forecasting, and cost management.
• The OM is responsible for overseeing the company's risk management policies and procedures, and for ensuring that the company maintains a strong risk management culture.
• The OM is responsible for overseeing the company's technology infrastructure and ensuring that it is up-to-date and properly maintained.
• The OM may work closely with the CEO to oversee the company's human resources policies and procedures, including recruitment, training, performance management, and employee engagement.
• The OM may work closely with the CEO and other senior executives to identify and pursue business development opportunities, including new markets, products, and services. Information Technology Officer (“ITO”)

Information Technology Officer (“ITO”)

• The IT Officer is responsible for managing the company's IT infrastructure, including hardware, software, and networks.
• The IT Officer is responsible for developing and implementing cybersecurity policies and procedures to protect the company's sensitive information and ensure the security of its IT systems.
• The IT Officer is responsible for providing technical support to staff and clients as needed, and for ensuring that IT-related issues are resolved quickly and effectively.
• The IT Officer is responsible for developing and implementing an IT strategy that aligns with the company's overall business goals and objectives.
• The IT Officer is responsible for managing the company's data, including data storage, backup, and recovery, and for ensuring that data is protected from loss or theft.
• The IT Officer is responsible for managing relationships with IT vendors and service providers, and for ensuring that they meet the company's standards for quality and service.
• The IT Officer is responsible for ensuring that the company's IT systems and procedures comply with all relevant laws and regulations, and for staying up-to-date on changes to the regulatory environment. Financial Officer (“FO”)

Financial Officer (“FO”)

• The Financial Officer is responsible for managing the company's financial resources, including cash flow, budgeting, and financial reporting.
• The Financial Officer is responsible for maintaining accurate and up-to-date accounting records, including accounts payable, accounts receivable, and general ledger.
• The Financial Officer is responsible for conducting financial analysis to support decisionmaking and for identifying opportunities for cost savings and revenue growth.
• The Financial Officer is responsible for managing financial risks, including credit risk, market risk, and operational risk, and for developing strategies to mitigate these risks.
• The Financial Officer is responsible for ensuring that the company's financial practices and procedures comply with all relevant laws and regulations, and for staying up-to-date on changes to the regulatory environment.
• The Financial Officer is responsible for managing the company's tax obligations, including filing tax returns and ensuring compliance with tax laws and regulations.
• The Financial Officer is responsible for managing the company's cash and liquidity, including cash flow forecasting, short-term investment management, and working capital management.

Sales and Marketing Officer (“S&M”)

• Market Research: The Sales and Marketing Officer is responsible for conducting market research to identify potential customers, market trends, and competitor strategies.
• Sales Planning and Execution: The Sales and Marketing Officer is responsible for developing sales plans and strategies to achieve the company's revenue targets, and for executing these plans through effective sales techniques and customer engagement.
• Customer Relationship Management: The Sales and Marketing Officer is responsible for building and maintaining strong relationships with customers, responding to customer queries and concerns, and developing strategies to enhance customer satisfaction.
• Brand Management: The Sales and Marketing Officer is responsible for managing the company's brand image and reputation, including developing brand messaging and positioning, and ensuring consistency across all marketing channels.
• Marketing Communications: The Sales and Marketing Officer is responsible for developing and executing marketing campaigns, including advertising, email marketing, social media marketing, and other promotional activities.
• Sales and Marketing Analytics: The Sales and Marketing Officer is responsible for tracking and analysing sales and marketing data, including customer demographics, market trends, and campaign performance, and for using this data to improve the effectiveness of sales and marketing strategies. Compliance Officer

Compliance Officer

• The CO is the reference point for AML/CFT matters within the company.
• The CO must have sufficient stature, authority and seniority to effectively influence decisions relating to AML/CFT.
• The CO must be "fit and proper" to carry out their AML/CFT responsibilities effectively.
• "Fit and proper" criteria include probity, personal integrity and reputation, competency and capability, and financial integrity.
• The CO must have the necessary knowledge and expertise to effectively discharge their roles and responsibilities, including keeping up-to-date with the latest developments in ML/TF techniques and AML/CFT measures.
• The CO is encouraged to have professional qualifications and certifications.
• The CO must not be placed in a potential conflict of interest regarding their responsibilities and should not be susceptible to undue influence.
• The roles and responsibilities of the CO must be clearly defined and documented.
• The CO is responsible for ensuring compliance with AML/CFT requirements, proper implementation of AML/CFT policies, and effective implementation of appropriate AML/CFT procedures.
• The CO must regularly assess the effectiveness and sufficiency of AML/CFT mechanisms to address changes in ML/TF trends.
• Channels of communication from employees to the CO must be secure and confidential.
• All employees must be aware of the company's AML/CFT measures, including policies, control mechanisms, and reporting channels.
• The CO must establish and maintain relevant internal criteria to detect suspicious transactions, evaluate internal generated suspicious transaction reports appropriately, properly identify ML/TF risks associated with new products/services or operational changes, and comply with other obligations imposed under the guidelines.

Organisational structure

legal_policy1_a

5. CONFLICT OF INTEREST

The Company is committed to conducting its business with integrity, honesty, and transparency. To maintain this commitment, we recognize the importance of identifying and managing conflicts of interest that may arise in the course of our operations. A conflict of interest occurs when an individual's personal interests, financial or otherwise, could influence or appear to influence their ability to act impartially and in the best interests of the company and its clients. Our Internal policy for conflict-of-interest is designed to promote a culture of openness and awareness of potential conflicts, to ensure that all employees act in the best interests of our clients, and to safeguard the integrity and reputation of our company. It sets out the procedures and guidelines that must be followed by all employees to identify, disclose, and manage conflicts of interest. It also establishes the roles and responsibilities of our management team in overseeing and monitoring compliance with this policy. We expect all employees to act with the utmost professionalism and to avoid any situation that could create or appear to create a conflict of interest. Any employee who becomes aware of a potential conflict of interest must immediately disclose it to their supervisor or the compliance officer. Failure to disclose a conflict of interest may result in disciplinary action, up to and including termination of employment.

Criteria and steps of Identifying Conflict of Interest

The Company will identify the conflict based on the followings: -

• A conflict of interest may arise if an employee's personal relationship with an individual or organization influences or is perceived to influence their actions or decisions.
• A conflict of interest may arise if an employee has a financial interest in a transaction, agreement, or arrangement that may affect the performance of their duties.
• A conflict of interest may arise if an employee's outside activities, such as consulting or serving on a board, compete or conflict with their duties or responsibilities within the company.
• A conflict of interest may arise if an employee receives gifts or entertainment from clients, suppliers, or other parties that may influence their actions or decisions.
• A conflict of interest may arise if an employee considers or accepts employment opportunities outside the company that may influence their actions or decisions within the company.
• A conflict of interest may arise if an employee discloses confidential information to a third party that may result in personal gain or benefit to themselves or others.

While it is not feasible to define precisely, or create an exhaustive list of, all relevant conflicts of interest that may arise, as per the current nature, scale and complexity of the Company’s business, The company may consider the following step on the identification of conflict of interest: -

• The first step is to identify potential conflicts of interest that may arise in the course of business operations. This can be done through a review of the company's organizational structure, business activities, and relationships with clients and third-party service providers.
• Once a conflict of interest has been identified, it should be assessed to determine the extent of the potential harm to the company and its clients. The assessment should consider the likelihood and magnitude of the harm, as well as any mitigating factors that may be available.
• After assessing the conflict of interest, appropriate measures should be taken to mitigate or eliminate it. This may involve changes to policies and procedures, restructuring of the company's organizational structure, or other measures to ensure that the interests of clients are prioritized over the interests of the company or its employees.
• Where a conflict of interest cannot be fully mitigated or eliminated, it should be disclosed to clients or other affected parties. This may involve providing information about the nature and scope of the conflict, as well as any steps taken to mitigate or manage it.
• Finally, conflicts of interest should be monitored on an ongoing basis to ensure that they continue to be effectively addressed. This may involve periodic reviews of policies and procedures, as well as ongoing monitoring of business activities and relationships to identify any new conflicts of interest that may arise.

The following list includes circumstances which constitute or may give rise to a conflict of interest entailing a material risk of damage to the interests of one or more Clients, as a result of providing investment services:

• Personal financial interest in a recommended company or investment.
• Personal relationship with a client that could influence advice or decisions.
• Professional relationship with a client or business partner that could influence advice or decisions.
• Access to confidential information that could be used to gain a competitive advantage.
• Dual roles that conflict with each other.
• Compensation structures that incentivize prioritizing own financial interests over clients.
• Recommending investment products that benefit the firm rather than the client's best interest.
• Outside business interests that conflict with responsibilities to the firm or clients.
• Personal biases or opinions that could influence recommendations or decisions.
• Political affiliations or interests that could influence decision-making.

Procedures and Control for Managing Conflicts of Interest

In general, the procedures and controls that the Company follows to manage the identified conflicts of interest include the following measures (list is not exhaustive):

• Employees should be required to disclose any potential conflicts of interest to their supervisor or compliance department.
• The company will provide education and training to employees on identifying and managing conflicts of interest.
• The company will make sure to separate the duties of employees to prevent conflicts of interest from arising.
• The company will establish a code of conduct that requires employees to act in the best interests of clients and avoid conflicts of interest.
• The company will establish an independent oversight function to monitor and enforce the conflict-of-interest policy.
• The company will regularly review and assess the effectiveness of the conflict-of-interest policy and make updates and changes as necessary.
• The company will maintain detailed records of all conflicts of interest disclosures, actions taken, and outcomes.

6. INFORMATION MANAGEMENT

The Company acknowledges that it will be collecting personal information from potential clients and is committed to upholding high standards of integrity in handling this information. It seeks to provide fair, secure, and appropriate methods for processing this information in accordance with generally accepted privacy ethics and standard business practices. The Company will implement an appropriate Information management (IM) to complement its Customer Due Diligence (CDD) process, tailored to its business activities and the risk profile of money laundering/terrorist financing (ML/TF). The IM will be accessed through the Company's KYC and back-office systems, and the Compliance Officer and back-office will monitor all transactions recorded in the system. Any suspicious activities exceeding the Company's threshold will be investigated, and the information recorded in the CRM system, which is reliable, accurate, and up-to-date.

This system information aligns with the regulatory requirements and standards in the following ways:

a) The Information management IM must be appropriate for the size, complexity, and nature of the Company's business.
b) The IM should include, at a minimum, information on transactions that exceed specified internal thresholds, large transactions, multiple transactions over a certain period, anomalies in transaction patterns, and customer risk profiles.
c) The IM should be able to consolidate customer transactions from multiple accounts or systems.
d) The IM may be integrated with the Company's system that contains its customer's normal transactions or business profile, which must be accurate, reliable, and up-to-date.

In this respect, the Company will adopt and implement adequate privacy policy measures.
Principles of the Company's privacy policy will include:

(a) Personal Information
The Company will collect personal information specifically and knowingly provided by clients. Where stated, the Company may use the personal information of the client to contact them about the Company’s products and services or to provide them feedback and updates in relation to their use of the services of the Company. The Company will only hold data which is necessary to offer its services and ensure continuity of the services.
(b) Privacy Statement Changes
The Company may change its privacy policy at any time and will notify the clients of such changes so that they are satisfied with the conditions under which they provide the Company their personal information.
(c) Retention of Records
Under FATF Recommendation 11, Financial institutions are expected to maintain, for at least five (5) years, all necessary records on transactions, both domestic and international, to enable them to comply swiftly with information requests from the competent authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved, if any) so as to provide, if necessary, evidence for prosecution of criminal activity The Company will keep personal information only as long as it is necessary, including for the purposes of providing its services or as required by law. The Company will safeguard all clients’ information in its custody and will develop and maintain security procedures to safeguard personal information against loss, theft, copying, and unauthorized disclosure, use or modification. Access to personal information is restricted strictly to employees and authorized service providers with a need to know and use for the performance of their activities. The Company will make no other use of the personal information of the clients unless authorized.

7. RISK BASED ASSESSMENT (“RBA”) AND BUSINESS RISK BASED ASSESSMENT

The Risk-Based Approach (RBA) is a crucial strategy that should be implemented to ensure that measures taken to prevent or mitigate money laundering and terrorist financing are in line with the level of risk identified. The application of the RBA enables efficient allocation of resources across the anti-money laundering and countering the financing of terrorism (AML/CFT) regime. This approach should be integrated into the implementation of risk-based measures throughout the FATF Recommendations. The RBA involves the identification of the potential risks associated with particular activities or individuals, assessing the level of risk and implementing appropriate measures to manage the identified risks. This approach recognizes that not all risks are the same, and thus, measures taken to address the risks should be proportionate to the level of risk identified. By applying the RBA, entities can prioritize their resources and focus their efforts on the areas that pose the highest risk of money laundering or terrorist financing. This approach can also enhance the effectiveness of AML/CFT measures by ensuring that resources are directed towards areas of greatest need, resulting in a more efficient and effective AML/CFT regime.

Risk based assessment will consist the followings:

a) Customer risk
b) Service and product risk
c) Countries or geographical location
d) Transaction and distribution channels

Customer Risk

Customer risk refers to the potential level of risk associated with a prospective client. The company caters to a diverse client base ranging from individuals to listed corporations, private companies, and regulated institutions, each with varying levels of risk based on their nature. Assessing client risk involves a thorough evaluation and determination of the level of risk associated with a potential or existing client. This process entails assessing several factors such as the client's background, business activities, financial status, and overall risk profile to determine the risk level they pose to the company. The aim of this assessment is to identify and mitigate potential risks, thereby safeguarding the interests of the company and its stakeholders. This approach ensures that the company provides services in a responsible and compliant manner while protecting its own interests. The following factors must be taken into account when conducting client risk assessment:

a. Resident/Non-resident - it can affect the level of due diligence required by the company to verify the client's identity and assess the level of risk associated with the relationship.
b. Type of customer - such as high net worth individuals or politically exposed persons (PEPs), may be at a higher risk for money laundering or other financial crimes.
c. Occasional or one-off - can impact the level of due diligence required and the ongoing monitoring of the relationship.
d. Legal person structure - it can impact the level of due diligence required and the ability to identify the beneficial owners of the entity.
e. Type of PEPs - they may be more susceptible to bribery or corruption, which could pose a risk to the company.
f. Type of occupation - as certain professions, such as lawyers or accountants, may be at a higher risk for involvement in financial crimes.

Service and Product Risk

The company primarily offers financial instruments, which unfortunately have been used for money laundering. To address this risk, we are enhancing our KYC tools to better combat money laundering and terrorist financing. It is well-known that establishing a business relationship through non-face-to-face channels is riskier than face-to-face interactions. This is because it can be harder to verify the customer's identity and confirm the accuracy of the information provided. However, we use electronic checks such as geolocation, IP tracking, and bin information management matching to mitigate this risk. We also conduct interviews and collect proof to ensure that our policies and tools are functioning properly in line with our procedures. All of our clients are non-face-to-face, but we are taking proactive measures to manage this risk.

Countries and Geographical Location Risk

Assessing country and geographical location risk is essential to determine the level of risk associated with conducting business in a specific region or country, such as Mauritius where our company operates. According to the National Risk Assessment (NRA) report dated 29 August 2019, Mauritius is classified as Medium to High risk with an overall medium risk for terrorist financing. To evaluate the level of risk associated with conducting business in Mauritius, our company will consider various factors, including political stability, economic conditions, and legal and regulatory environment. By conducting this assessment, we aim to identify potential risks and take measures to mitigate them to protect our company and stakeholders while ensuring compliance with relevant laws and regulations. The ultimate goal of this assessment is to make informed decisions about where to conduct business, i.e., target markets, and how to manage and mitigate risks in those areas. We understand that conducting business in certain regions may pose higher risks, and we are committed to mitigating those risks through robust risk management practices and compliance with applicable laws and regulations. Based on the information above. The Company will calculate the risk based on the below information from the clients of the Company. From this the company will now how much the risk of the Company have. The client risk template will be presented in Appendix I.

Type of risk	Risk Factor	Risk factor
Client risk	a. Type of client	a. Individual, b. Corporate, c. Legal arrangement, Club, societies and charities
	b. Type of occupation	a. Salaried b. Self-employed
	c. Type of business	a. trading b. Services c. Cash intensive business
	d. Risk client country level (this is based on the company’s policy)	a. Low (e.g. Malaysia) b. Medium(e.g. Australia) c. High (e.g. China)
	e. Characteristic of client	a. High net worth b. Domestic PEP c. Foreign PEP
	f. Structure/nature of client	a. Legal person with complex structure b. Legal person which has nominee relastionship c. Others
Product and service risk	a. Easily transferable to another party
	b. Ownership not easily traceable to customer
	c. Can be easily to convert to cash
	d. Place deposit for a period of time for trading purpose
	e. Can easily transported or concealed
	f. Product can be use as an alternative for of currency
	g. Product is high value in nature
	h. Customer can purchase the product via non-face-to-face channel
	i. Allow use of virtual asset and other anonymous means of payment
	j. Allow use of unusual payment such as real estate, precious metal and stones
Geographical location risk	Location of holding company, subsidiary company and branch	Located at crime hotspot
		Located at country’s border
		Located at country’s entry points
		Located at high risk countries
transactions and delivery channel risk	a. Mode of delivery b. Mode of payment (cash/electronic payment) c. transaction location	a. Total of non-face to face transaction b. Total number of value of cash transaction c. Total value of cash in fiat d. Volume of e-payment transaction e. Total value of e- payment in fiat f. Volume of transactions from high-risk country g. Value of transaction from/to high-risk countries

Business Risk Assessment Calculation

We have carefully considered the various business risks and developed the below table. The resultant scores will determine which level of due diligence is applied to a given customer interaction.

The formula of this assessment will be as follows: Inherent Risk – Control Effectiveness = Residual Risk The tables below summarized the findings and scores obtained from the assessment.

A. INHERENT RISK ASSESSMENT

Parameters of risk factor	Findings	Scoring Point
Customer Risk Factor
Percentage of High-Net-Worth Investors within the Company	%
Percentage of high-risk customer compared to total number of customers	%
Nature of business of the customers (Cash Intensive Business)	%
Exposure of PEPs	%
Complexity of the customer’s legal structures
Likelihood of the customers and/or transactions originating from FATF blacklist countries or tax haven jurisdictions	Likely/unlikely
Geographical and Jurisdiction
The geographic location of the Company	%
Ratio of customers from high-risk countries	%
Products and Services Risk Factor
Inherent risk rating derived from the self-assessment completed by Business Division	%
transactions and Delivery Channel Risk Factor
Percentage of transaction conducted through non- face-to-face channel	100%
Percentage of mode of payment in cash	%
Percentage of transaction from/to high-risk countries	%
Company’s Structure
Number of subsidiaries/branches located at high-risk countries, crime hotspots, country’s border or entry- points, high corruption rate.
Level of staff turnover
Findings on the National Risk Assessment
Findings of NRA in terms of sectoral risk assessment (2019)	Low/Medium/Hig h Risk
	Total Score	X/45
	Overall Inherent Risk Rating	Low/Medium/Hig h

Guide:

15-24

Low

25-33

Medium

34-45

High

B. CONTROL EFFECTIVENESS

	Average Category Score (%)	Category Rating
Governance and Framework	𝑋 12 × 100% = 100%	Deficient /Marginal /Satisfactory/Good
Customer Due Diligence	𝑋 8 × 100% = 100%	Deficient /Marginal /Satisfactory/Good
On-Going Monitoring	𝑋 9 × 100% = %	Deficient /Marginal /Satisfactory/Good
Screening	𝑋 12 × 100% = %	Deficient /Marginal /Satisfactory/Good
training and Awareness	𝑋 7 × 100% = %	Deficient /Marginal /Satisfactory/Good
Periodical Risk Assessment	𝑋 5 × 100% = 100%	Deficient /Marginal /Satisfactory/Good
		Total Score
		Average Score
		Overall Control Effectiveness Rating

Average Score	Category Rating
>75	Good
50-74	Satisfactory
25-50	Marginal
0-24	Deficient

C. RISK SUMMARY AND RESULTS

Residual Risk Rating		Control Effectiveness
Residual Risk Rating		Good	Satisfactory	Marginal	Deficient
Inherent Risk	Low		Low	Low	Medium	High
	Medium	Low	Medium	Medium	High
	High	Medium	Medium	High	High

Inherent Risk assessment and Control Effectiveness is based on the Appendix I and II.

Risk Assessment Report

After get the result the risk assessment Compliance will determine the compliance review cycle of the Company which based on the followings :-

Final Residual Risk Rating	Compliance Review Cycle
High	Once every 6 months
Medium	Once every year
Low	Once every 2 years

Audit Review Cycle

In addition, based on the score the Company will suggests that the frequency of AMLCFT Independent Audit (the "Audit"), to be conducted, in order to commensurate with the Company's size, volume of clients, business nature as an investment advisor and risk appetite. In the event that the compliance review cycle is shorten after the next assessment, The Company also can propose the Audit to be shorten accordingly to uphold sound risk management and governance.

8. SUMMARY

The Internal Control Policy and Procedure are crucial for ensuring effective governance of a company. Without proper governance, a company risks violating various codes and practices, which could lead to Information management and communication breakdowns. It is important to establish clear segregation of duties and ensure its implementation so that employees understand their roles and responsibilities, and to avoid any potential conflicts of interest. The company must also closely monitor and ensure compliance to prevent any discrepancies or personal gain by top management that could breach their duties.

1. OVERALL BUSINESS RISK

a. Please indicate the business nature of your clients and the percentage (%) contribution to the total business:
No Client’s business nature % Contribution to Total Business 1 A %
b. Company structure
No. of subsidiary :
No. of branches :
No. agents/brokers :
No. of employees :
No. of resignation of employee within the assessment period:

a. Products risk factors

No	Risk Factor
1	Product can be easily transferable to another party	Yes
1	Product can be easily transferable to another party	No
2	Product’s ownership not easily traceable to customer	Yes
2	Product’s ownership not easily traceable to customer	No
3	Product can be easily converted to cash or exchange to another form	Yes
3		No
4	Customer can place deposit for a period of time for product purchase	Yes
4		No
5	Product can easily be transported or concealed	Yes
5	Product can easily be transported or concealed	No
6	Product can be used as an alternative form of currency	Yes
6	Product can be used as an alternative form of currency	No
7	Product is high value in nature	Yes
7	Product is high value in nature	No
8	Customer can purchase product through non-face-to-face channel	Yes
8		No
9	Allow use of virtual asset and other anonymous means of payment	Yes
9		No
10	Allow use of unusual mean of payment e.g. high value items such as real estate, precious metals and stones	Yes
10		No

b. Services risk factors

No	Risk Factor
1	Services that allow deposit/payment from third-party/unknown parties to pay on behalf	Yes
1		No
2	Services that allow transfer of fund to third-party/unknown parties	Yes
2		No
3	Services that allow cross-border fund transfer	Yes
3	Services that allow cross-border fund transfer	No
4	Services include creation/setting up of complex legal arrangements	Yes
4		No
5	Services that are capable of concealing beneficial ownership from competent authorities	Yes
5		No
6	Services that provide nominee director/shareholders	Yes
6	Services that provide nominee director/shareholders	No

Products and Services risk assessment: 0% - 34% “Yes” = Low risk 35% - 66% “Yes” = Medium risk 67% - 100% “Yes” = High Risk	Low	Medium	High

3. CUSTOMER RISK

Risk Factors
Type of customers	Individual customers:
	Legal persons:
	Legal arrangements:
	Clubs, Societies and Charities:
	Others (Please specify):
Type of occupation for individual customer	Salaried:
Type of occupation for individual customer	Self-employed	trading: Services: Others:
Nature and type of business of	trading:
Nature and type of business of	Services:
legal persons	Cash intensive business (e.g. used cars):
legal persons	Others:
Risk Level (based on the Company own customer risk profiling)	Low risk:
	Medium risk:
	High risk:
Characteristics of customers	High net worth: Domestic PEPs: Foreign PEPs:
Structure/ nature of customer	Legal person which has complex structure or multiple layers of ownership
	Legal person which has nominee relationship
	Customers that are cash intensive businesses
	Others (please specify):

4. GEOGRAPHICAL LOCATION RISK

		Total	Percentage(%)
	No of subsidiaries or branches located
	at/near crime hotspots
	No of subsidiaries or branches
	located at/near country’s border
	No of subsidiaries or branches located
Location of Holding, subsidiary or branch	at/near country’s entry points
Location of Holding, subsidiary or branch	No of subsidiaries or branches located in
	higher risk countries

5. TRANSACTIONS AND DELIVERY CHANNEL RISK

Risk Factors Total
Mode of delivery		Volume of non-face-to-face transactions e.g. online, agents
Mode of payment	Cash	Value of cash transaction (total value of cash transaction/total value of all transaction)
	Cash	Volume of cash transaction (total no. of cash transaction/total no. of all transaction)
	Electroni c payment	Volume of e-payment (no. of e- payment transaction/total no. of all transaction)
	Electroni c payment	Value of e-payment transaction (total value of e-payment transaction/total value of all transaction)
transaction location		Volume of the transactions from/to high- risk countries
transaction location		Value of transactions from/to high-risk countries

Appendix II

Governance and Framework

#	QUESTION	Response	Additional Comment	Point allocated
1	Does this Assessment Unit have written AML related policies or procedures?	YES/NO		0/1
2	Have the AML related policies and procedures been reviewed and, if necessary, revised to reflect changes in the Company, regulations, industry best practices?	YES/NO		0/1
3	Does all Assessment Unit staff have easy access to the AML policies and procedures and plain- language explanations of policies and procedures?	YES/NO		0/1
4	Does the Assessment Unit or (via any party in the Company) communicate AML policies and procedures to relevant subsidiaries or branches?	YES/NO		0/1
5	Does the Assessment Unit or the Company have mechanisms in place to ensure relevant subsidiaries or branches comply with AML policies and procedures?	YES/NO		0/1
6	Does the Board of Directors or Senior Management responsible to the overall oversight of ML/TF risks of the Company?	YES/NO		0/1
7	Does the committee include senior management from the risk and/or compliance function?	YES/NO		0/1
8	Is there a staff in the Assessment Unit assigned for ML/TF risks detection and due diligence process?	YES/NO		0/1
9	Are Assessment Unit staff’s job responsibilities and expectations with regard to AML clearly defined such as in job descriptions and performance goals, and evaluations?	YES/NO		0/1
10	Is there a Compliance Officer (“CO”) or Designated Compliance Officer ("DCO") with responsibility for overseeing all of the Assessment Unit’s activities relating to the prevention and detection of ML/TF risks?	YES/NO		0/1
11	Does the CO provide sufficient support and guidance to the Assessment Unit to ensure that ML/TF risks are adequately managed?	YES/NO		0/1
12	Does the Assessment Unit have processes and procedures to identify and escalate ML risk and compliance issues to the CO, MLRO, and/or senior management as appropriate?	YES/NO		0/1
			Total	X/12

Customer Due Diligence

#	QUESTION	Response	Additional Comment	Point allocated
1	Does the Assessment Unit have clear KYC/CDD/ECDD processes for evaluating ML/TF risks of the Company's clients?	YES/NO		0/1
2	Does the Assessment Unit conduct KYC/CDD/ECDD as per the procedures within the stipulated timeline?	YES/NO		0/1
3	Does the Assessment Unit have clear procedures in detecting potential suspicious activity, changes in activity, changes in the purpose or nature of the business relationship, or any other possible red flags?	YES/NO		0/1
4	Does the Assessment Unit have clear procedures in reporting the suspicious activity to the regulators?	YES/NO		0/1
5	Does the Assessment Unit have a clear process for referring identified trigger events to the appropriate PIC responsible for performing CDD?	YES/NO		0/1
6	Does the Assessment Unit have a clear process for referring identified changes in activity responsible for performing CDD and escalating the matter to the CO or PO as appropriate?	YES/NO		0/1
7	Does the Assessment Unit use a risk-based approach to determine the extent of its customer and account monitoring for each customer or category of customers?	YES/NO		0/1
8	Does the Assessment Unit provide training and guidance to its staff to identify potentially suspicious behaviour, to recognize when ML is taking place, and to escalate such suspicions to the CO/DCO?	YES/NO		0/1
			Total	X/8

On-going Monitoring

#	QUESTION	Response	Additional Comment	Point allocated
1	Does the Assessment Unit investigate the alerts arising from customer and account monitoring and report to DCO?	YES/NO		0/1
2	Does the Assessment Unit have clear procedures for investigating alerts to identify where ML is or is suspected of occurring?	YES/NO		0/1
3	Does the Assessment Unit has a process to manage, track, and escalate alerts and cases?	YES/NO		0/1
4	Does the Assessment Unit perform any manual monitoring of customers and accounts?	YES/NO		0/1
5	Does the Assessment Unit prepare and file suspicious transaction reports (“Strs”) where there is knowledge or suspicion of ML occurring?	YES/NO		0/1
6	Are all such reports filed in a timely manner? (If any)	YES/NO		0/1
7	Does the Assessment Unit have in place clear procedures for informing LFSA, BNM and other relevant local regulators of sanctions violations?	YES/NO		0/1
8	Does the Assessment Unit or the Company have a DCO who oversees all investigations, Str filing, and any other relevant regulatory reporting?	YES/NO		0/1
9	Does the DCO provide clear guidance regarding to the identification, escalation, investigation, and reporting of potentially suspicious activity to relevant staff?	YES/NO		0/1
10	Does the DCO update guidance in response to changes in regulations and regulatory guidance, the Company’s ML risk profile, ML topologies, and policies and procedures?	YES/NO		0/1
11	Does the Assessment Unit take measures to prevent “tipping off” the customer/target/related party with regard to the investigation of potentially suspicious activity or the filing of Strs?	YES/NO		0/1
			Total	X/11

Screening

#	QUESTION	Response	Additional Comment	Point allocated
1	Does the Assessment Unit have policies and procedures on screening process?	YES/NO		0/1
2	Does the Assessment Unit maintain a database or list of names for screening of transactions, customers, accounts?	YES/NO		0/1
3	Does the screening list or database include relevant names and details of sanctioned persons and entities?	YES/NO		0/1
4	Does the screening list include terrorist financing suspects?	YES/NO		0/1
5	Does the Assessment Unit screen the clients against the relevant database prior to onboarding?	YES/NO		0/1
6	Does the Assessment Unit employ a transaction screening system to screen the clients?	YES/NO		0/1
7	Does the Assessment Unit perform manual transaction or document screening for any transactions?	YES/NO		0/1
8	Does the Assessment Unit screen its entire customer base after any update to the database?	YES/NO		0/1
9	Does the Assessment Unit screen parties connected to customers such as BO, directors, account signatories, controllers?	YES/NO		0/1
10	Does the Assessment Unit perform manual customer, employee, and connected parties names and related-information screening?	YES/NO		0/1
11	Does the Assessment Unit have in place clear procedures and guidance for dispositioning screening hits as false hits?	YES/NO		0/1
12	Does the Assessment Unit have clear processes for escalating screening hits to the appropriate investigation team?	YES/NO		0/1
			Total	X/12

Training and Awareness

#	QUESTION	Response	Additional Comment	Point allocated
1	Does the Assessment Unit have a clear training plan?	YES/NO		0/1
2	Does the Company provide AML training to relevant staff in the Assessment Unit on an at least annual basis?	YES/NO		0/1
3	Does the Assessment Unit provide AML training to relevant staff when there are changes in regulations, policies and procedures, or ML typologies?	YES/NO		0/1
4	Are trainings sufficiently comprehensive to inform staff of their AML roles and responsibilities?	YES/NO		0/1
5	Does the Assessment Unit attended all the AML training sessions?	YES/NO		0/1
6	Does the Assessment Unit document the attendance, content, timing, and results of training?	YES/NO		0/1
7	Do the training records being kept in a proper manner?	YES/NO		0/1
			Total	0/7

Periodical Risk Assessment

#	QUESTION	Response	Additional Comment	Point allocated
1	Is there any periodical AML risk assessment in the Assessment Unit or Company?	YES/NO		0/1
2	Does the Assessment Unit conduct customer risk profiling and assessment?	YES/NO		0/1
3	Is the Assessment Unit's AML capability being reviewed and assessed by an independent audit function?	YES/NO		0/1
4	There is no material finding detected from the above-mentioned independent audit or assessment.	YES/NO		0/1
5	If there is any minor observation detected from the above-mentioned independent audit, the Assessment Unit/Company deployed sufficient action plan to resolve the issue.	YES/NO		0/1
			Total	X/5