Anti-Money Laundering Policy

Spendix Technology Limited ("Spendix", "we", "us") is committed to the highest standards of Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) compliance. This policy sets out our approach to detecting, preventing, and reporting money laundering, terrorist financing, and other financial crime. This policy applies to all Spendix employees, contractors, agents, and partners. All persons associated with Spendix are required to comply with this policy and the applicable laws and regulations.

Spendix operates in compliance with the following UK legislation and regulations: • Proceeds of Crime Act 2002 (POCA) • Terrorism Act 2000 • Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) • Counter Terrorism Act 2008 • Sanctions and Anti-Money Laundering Act 2018 • Electronic Money Regulations 2011 • Payment Services Regulations 2017 • Financial Conduct Authority (FCA) guidance on financial crime We also comply with relevant international standards, including FATF (Financial Action Task Force) recommendations.

Spendix adopts a risk-based approach to AML/CTF compliance. We assess the money laundering and terrorist financing risks associated with: • Our customer base (individual and business customers) • The countries and jurisdictions we operate in or send funds to • The products and services we offer (remittance, e-money, marketplace) • Delivery channels and transaction types Our risk assessment is reviewed at least annually and updated when significant changes occur in our business or the regulatory environment. Higher-risk customers, transactions, and jurisdictions are subject to enhanced due diligence.

We apply Customer Due Diligence (CDD) measures to all customers before establishing a business relationship or processing transactions. CDD includes: Standard CDD: • Verifying the customer's identity using reliable, independent source documents (passport, driving licence) • Verifying the customer's address (utility bill, bank statement, council tax letter dated within 3 months) • Understanding the nature and purpose of the business relationship Enhanced Due Diligence (EDD) — applied to higher-risk customers including: • Politically Exposed Persons (PEPs) and their associates • Customers from high-risk jurisdictions (as defined by FATF) • Customers with complex or unusual transaction patterns • Business customers with complex ownership structures Simplified Due Diligence (SDD) may be applied in limited low-risk circumstances as permitted by the MLRs 2017. We use automated identity verification technology and may supplement this with manual review. We reserve the right to refuse or terminate a business relationship where CDD cannot be satisfactorily completed.

Spendix operates a transaction monitoring programme to detect suspicious activity. Our monitoring includes: • Automated screening of all transactions against sanctions lists (OFAC, UN, EU, HMT) • Rule-based alerts for unusual transaction patterns (e.g., structuring, rapid fund movement, unusual corridors) • Monitoring of transaction volumes and frequencies against customer profiles • Review of transactions to or from high-risk jurisdictions Alerts generated by our monitoring system are reviewed by our compliance team. Where suspicious activity is identified, we will take appropriate action including filing a Suspicious Activity Report (SAR) with the National Crime Agency (NCA).

Spendix screens all customers, transactions, and counterparties against applicable sanctions lists, including: • HM Treasury (UK) Consolidated Sanctions List • Office of Financial Sanctions Implementation (OFSI) • United Nations Security Council (UNSC) Sanctions • European Union (EU) Consolidated Sanctions List • US Office of Foreign Assets Control (OFAC) SDN List Screening is conducted at onboarding, at regular intervals, and in real-time for transactions. Any match or potential match is escalated to our compliance team for review. We will not process transactions involving sanctioned individuals, entities, or jurisdictions.

All Spendix employees and contractors have a legal obligation to report suspicions of money laundering or terrorist financing to our nominated Money Laundering Reporting Officer (MLRO). Internal reports are reviewed by the MLRO, who will determine whether to file a Suspicious Activity Report (SAR) with the National Crime Agency (NCA) via the NCA's SAR Online system. We will not "tip off" customers or third parties that a SAR has been filed or that they are under investigation. Tipping off is a criminal offence under POCA 2002. Employees who make reports in good faith are protected from liability under the "protected disclosure" provisions of POCA 2002.

In accordance with the Money Laundering Regulations 2017, Spendix retains the following records for a minimum of 5 years from the end of the business relationship or the date of the transaction: • Customer identification and verification documents (KYC records) • Transaction records (date, amount, currency, parties involved) • CDD and EDD documentation • Internal and external SAR filings • Training records Records are stored securely and are available to regulatory authorities upon request.

All Spendix employees and relevant contractors receive AML/CTF training: • At induction (before commencing work involving financial transactions) • Annually (refresher training) • When significant regulatory changes occur Training covers: recognition of suspicious activity, CDD requirements, sanctions obligations, internal reporting procedures, and personal legal obligations under POCA 2002 and the Terrorism Act 2000. Failure to complete required training or to report suspicious activity may result in disciplinary action and potential criminal liability.

Spendix's AML/CTF programme is overseen by our nominated Money Laundering Reporting Officer (MLRO), who is responsible for: • Maintaining and updating this AML Policy • Overseeing the transaction monitoring programme • Reviewing and filing SARs with the NCA • Liaising with regulatory authorities • Reporting to senior management on AML/CTF matters Senior management is responsible for ensuring adequate resources are allocated to AML/CTF compliance and for fostering a culture of compliance throughout the organisation. This policy is reviewed at least annually and updated as required to reflect changes in legislation, regulation, or our business activities.

For AML/CTF enquiries or to report concerns, please contact: Money Laundering Reporting Officer (MLRO) Spendix Technology Limited Email: [email protected] Address: 86–90 Paul Street, London EC2A 4NE, United Kingdom For external reporting of suspicious activity: National Crime Agency (NCA) — SAR Online: www.nationalcrimeagency.gov.uk