Updated: 6th Oct, 2025


Definitions

AML: Anti-Money Laundering.
CFT: Counter-Financing of Terrorism.
CDD: Customer Due Diligence.
EDD: Enhanced Due Diligence.
SDD: Simplified Due Diligence.
EWRA: Enterprise-Wide Risk Assessment.
FATF: Financial Action Task Force.
FIU: Financial Intelligence Unit.
KYC: Know Your Customer.
PEP: Politically Exposed Person.
PSP: Payment Service Provider.
SAR/STR: Suspicious Activity Report / Suspicious Transaction Report.
SCA: Strong Customer Authentication.
TLS: Transport Layer Security.

1. Introduction and Policy Statement

Ognimohub is committed to maintaining the highest standards of ethical conduct and regulatory compliance in all its operations. As a mobile finance service provider leveraging major fintech and Payment Service Provider (PSP) APIs, we recognize our critical role in preventing financial crime, including money laundering, terrorist financing, and fraud. This comprehensive Compliance & Anti-Money Laundering (AML) Policy outlines the framework, procedures, and responsibilities designed to ensure Ognimohub operates in full adherence to applicable laws, regulations, and industry best practices.

This policy applies to all Ognimohub employees, contractors, agents, and any third parties acting on behalf of Ognimohub. Adherence to this policy is mandatory and forms a fundamental part of our operational integrity and commitment to fostering a secure and trustworthy financial ecosystem.

Our core objectives are to:
  • Prevent Ognimohub's services from being used for illicit activities such as money laundering, terrorist financing, and fraud.
  • Comply with all relevant national and international AML/CFT (Counter-Financing of Terrorism) laws, regulations, and guidelines.
  • Protect Ognimohub's reputation and financial stability from the risks associated with financial crime.
  • Foster a culture of compliance throughout the organization.
  • Cooperate fully with regulatory authorities and law enforcement agencies.

2. Legal and Regulatory Framework

Ognimohub operates within a complex and evolving global regulatory landscape. Our compliance framework is built upon adherence to the following key legal and regulatory instruments, where applicable to our operational jurisdictions and the nature of our services:
  • Financial Action Task Force (FATF) Recommendations: The international standard-setter for AML/CFT, providing a comprehensive and consistent framework of measures that countries should implement. Ognimohub aligns its policies with the risk-based approach advocated by FATF.
  • Local AML/CFT Laws and Regulations: Specific national laws and regulations governing anti-money laundering and counter-terrorist financing in the jurisdictions where Ognimohub operates or offers services. This includes, but is not limited to, laws requiring customer due diligence, suspicious transaction reporting, record-keeping, and sanctions compliance.
  • Payment Services Directives (PSD1 & PSD2) (EU/EEA): For operations within the European Union/European Economic Area, Ognimohub adheres to the requirements of PSD2, particularly concerning strong customer authentication (SCA), secure communication, and consumer protection.
  • General Data Protection Regulation (GDPR) (EU/EEA) / California Consumer Privacy Act (CCPA) (USA) / Other Data Protection Laws: While primarily data privacy regulations, these laws significantly impact how Ognimohub collects, stores, and processes customer data for AML purposes, ensuring a balance between compliance and privacy.
  • Sanctions Regimes: Compliance with sanctions programs administered by bodies such as the Office of Foreign Assets Control (OFAC) in the United States, the United Nations Security Council (UNSC), and the European Union. This involves screening against designated persons and entities lists.
  • Partner Fintech/PSP Policies: Ognimohub acknowledges and integrates the specific AML/CFT policies and requirements of its fintech and PSP partners, recognizing that our operations are often an extension of their regulated activities.
Ognimohub's Compliance Officer is responsible for continuously monitoring changes in these legal and regulatory frameworks and updating this policy and associated procedures accordingly.

3. Risk-Based Approach (RBA)

Ognimohub adopts a robust Risk-Based Approach (RBA) to AML/CFT. This means that resources and efforts are allocated in proportion to the identified risks. A higher risk scenario will trigger more stringent controls and due diligence measures, while lower risk scenarios may permit simplified procedures.

3.1. Enterprise-Wide Risk Assessment (EWRA)

Ognimohub conducts a comprehensive Enterprise-Wide Risk Assessment (EWRA) at least annually, and whenever there are significant changes to our business model, products, services, customer base, or geographic reach. The EWRA identifies, assesses, and understands the money laundering and terrorist financing risks to which Ognimohub is exposed.

The EWRA considers factors such as:
  • Customer Risk: Types of customers (e.g., individuals, corporations, politically exposed persons (PEPs), high-net-worth individuals), their geographic location, and their expected transaction behavior.
  • Product/Service Risk: The inherent risk associated with Ognimohub's offerings (e.g., cash-intensive services, cross-border payments, virtual cards, gateway swaps, microfinance). Products allowing anonymity or rapid movement of funds are generally considered higher risk.
  • Geographic Risk: Countries or regions identified as high-risk by FATF or other credible sources due to their AML/CFT deficiencies, high levels of corruption, or links to terrorism.
  • Delivery Channel Risk: The methods by which services are delivered (e.g., online, mobile app, agent network). Digital channels may present different risks compared to traditional channels.
  • Technological Risk: Risks associated with the technology used, including cybersecurity vulnerabilities, data integrity, and the potential for misuse of APIs.
The EWRA informs the design and implementation of Ognimohub's AML controls, including customer due diligence (CDD) levels, transaction monitoring rules, and training programs.

3.2. Customer Risk Scoring

Based on the EWRA, Ognimohub implements a customer risk scoring methodology. Each customer is assigned a risk score (e.g., Low, Medium, High) based on various attributes collected during the onboarding process and continuously monitored.

Factors influencing customer risk scoring include:
  • Customer type (e.g., individual, business, non-profit).
  • Geographic location of residence/operations.
  • Nature of business/occupation.
  • Expected transaction volume and value.
  • Presence on sanctions lists or adverse media.
  • PEP status.
The assigned risk score dictates the level of Customer Due Diligence (CDD) applied, the intensity of ongoing monitoring, and the frequency of customer reviews.

4. Customer Due Diligence (CDD) and Know Your Customer (KYC)

Ognimohub implements robust CDD and KYC procedures to verify the identity of its customers and understand the nature of their activities. This is a cornerstone of our AML framework, ensuring we know who our customers are and can assess the risks they pose.

4.1. Identity Verification (IDV)

Before establishing a business relationship or conducting certain transactions, Ognimohub verifies the identity of all users, agents, and merchants.

For Individuals (Users and Agents):
Collection of Data: Full legal name, date of birth, residential address, nationality, and a unique identification number (e.g., national ID, passport number).
Verification of Data:
  • Documentary Verification: Obtaining and verifying copies of official identification documents (e.g., government-issued photo ID, passport, driver's license). Documents must be current, valid, and show no signs of tampering.
  • Non-Documentary Verification: Utilizing reliable, independent sources such as public databases, credit bureaus, or other reputable third-party data providers to cross-reference and confirm identity information.
  • Biometric Verification: Where technologically feasible and legally permissible, employing facial recognition or liveness detection during the onboarding process to enhance identity assurance.


For Legal Entities (Merchants):
Collection of Data: Legal name, registered address, principal place of business, registration number, date of incorporation, legal form, and details of beneficial owners, directors, and authorized signatories.
Verification of Data:
  • Documentary Verification: Obtaining and verifying official documents such as certificates of incorporation, articles of association, business licenses, and shareholder registers.
  • Beneficial Ownership: Identifying and verifying the identity of all natural persons who ultimately own or control more than a specified percentage (e.g., 25%) of the legal entity, or who otherwise exercise control through other means.
  • Authorized Signatories: Verifying the identity of individuals authorized to act on behalf of the merchant, following individual IDV procedures.


4.2. Enhanced Due Diligence (EDD)

EDD measures are applied to customers identified as high-risk, including but not limited to:
  • Politically Exposed Persons (PEPs): Individuals who are or have been entrusted with prominent public functions, and their family members and close associates. Ognimohub screens customers against PEP databases.
  • Customers from High-Risk Jurisdictions: Individuals or entities from countries identified by FATF or other credible sources as having weak AML/CFT regimes.
  • Customers with Complex Ownership Structures: Legal entities with opaque or unusually complex ownership structures that make it difficult to identify beneficial owners.
  • Customers engaging in high-value or unusual transactions: Transactions that are inconsistent with the customer's known profile or typical activity.
  • Adverse Media: Customers associated with negative news or public information related to financial crime, corruption, or other illicit activities.


EDD measures may include:
  • Obtaining additional information on the customer's source of funds and source of wealth.
  • Requiring additional identification documents or verification methods.
  • Conducting more extensive background checks and adverse media searches.
  • Obtaining senior management approval for establishing or continuing the business relationship.
  • Increased frequency and intensity of ongoing monitoring.


4.3. Simplified Due Diligence (SDD)

SDD may be applied to customers identified as low-risk, where the risk of money laundering or terrorist financing is demonstrably low. This is determined by the EWRA and customer risk scoring. SDD measures are proportionate to the lower risk and may involve fewer verification steps, but never a complete absence of identity verification.

Examples of situations where SDD might be considered (subject to regulatory approval and internal risk assessment):
  • Government entities or public administrations.
  • Financial institutions subject to equivalent AML/CFT regulations.
  • Certain low-value, low-risk products or services, provided anonymity is not permitted.


4.4. Ongoing Due Diligence and Customer Reviews

CDD is not a one-time event. Ognimohub conducts ongoing due diligence to ensure that customer information remains current and that transactions are consistent with the customer's profile.
Regular Reviews: Customer profiles are reviewed periodically (e.g., annually for high-risk, biennially for medium-risk, every three years for low-risk) to update information, re-assess risk, and ensure consistency.
Trigger Events: Reviews are also triggered by significant events, such as a change in beneficial ownership, a change in business activity, or the detection of unusual or suspicious transactions.
Data Refresh: Ognimohub utilizes automated tools and API integrations to refresh customer data from reliable sources where possible, ensuring accuracy and timeliness.


5. Sanctions Compliance

Ognimohub is committed to complying with all applicable sanctions regimes. This involves preventing individuals, entities, or countries subject to sanctions from accessing or utilizing Ognimohub's services.

5.1. Sanctions Screening

All customers (users, agents, merchants) and relevant parties to a transaction (e.g., beneficiaries of bank transfers) are screened against relevant sanctions lists at onboarding and on an ongoing basis.

Key sanctions lists include:
  • OFAC Specially Designated Nationals (SDN) List.
  • UN Security Council Consolidated List.
  • EU Consolidated List of Persons, Groups and Entities Subject to Financial Sanctions.
  • Other national sanctions lists as applicable.


5.2. Real-time and Batch Screening

Real-time Screening: Performed during the onboarding process and prior to the execution of transactions, especially for cross-border payments or high-value transactions.
Batch Screening: Regular (e.g., daily, weekly) screening of the entire customer database against updated sanctions lists to identify any newly sanctioned individuals or entities.


5.3. Sanctions Alert Management

Any potential match identified during screening triggers an alert. These alerts are investigated promptly by trained personnel.
False Positives: Many alerts are false positives (e.g., common names). A robust process is in place to clear false positives efficiently.
True Matches: If a true match is identified, the transaction or business relationship is immediately frozen, and the Compliance Officer is notified. Appropriate reporting to relevant authorities (e.g., OFAC, local financial intelligence unit) is made without delay, and no further action is taken without explicit instruction from the authorities.

6. Transaction Monitoring

Ognimohub implements a sophisticated transaction monitoring system to detect and report suspicious activities. This system analyzes transaction patterns and behaviors for deviations from normal or expected activity, which could indicate money laundering or terrorist financing.


6.1. Automated Monitoring Systems

Ognimohub utilizes automated transaction monitoring tools, often integrated via APIs with our core systems and partner PSPs, to:

Profile Customer Behavior: Establish a baseline of normal transaction activity for each customer based on their risk profile, historical data, and declared purpose of the relationship.

Identify Anomalies: Flag transactions or patterns that deviate significantly from the established profile, such as:

  • Large or unusual transactions inconsistent with the customer's known financial profile.
  • Frequent transactions just below reporting thresholds (structuring).
  • Rapid movement of funds between multiple accounts or jurisdictions.
  • Transactions involving high-risk jurisdictions or entities.
  • Unusual patterns of cash-in/cash-out activities for agents.
  • Multiple small payments from various sources followed by a large single payment to another account (smurfing).
  • Transactions involving virtual assets without clear legitimate purpose.

Generate Alerts: Automatically generate alerts for review by the AML team when suspicious activity is detected.


6.2. Manual Review and Investigation

All alerts generated by the automated system are subject to manual review and investigation by trained AML analysts.
Initial Triage: Analysts assess the validity of the alert and gather additional information from internal systems, customer records, and public sources.
Case Management: A structured case management system is used to document the investigation process, findings, and decisions.
Escalation: If the investigation reveals reasonable grounds to suspect money laundering or terrorist financing, the case is escalated to the Compliance Officer.


7. Suspicious Activity Reporting (SAR) / Suspicious Transaction Reporting (STR)

Ognimohub has a legal and ethical obligation to report suspicious activities to the relevant Financial Intelligence Unit (FIU) or other designated authority.


7.1. Reporting Threshold

Any employee, agent, or contractor who identifies or suspects money laundering, terrorist financing, or other illicit financial activity must immediately report their concerns to the Compliance Officer. This applies regardless of the transaction value.

7.2. Internal Reporting Procedure

Employee Responsibility: All personnel are required to report any suspicious activity or transaction to the Compliance Officer using a designated internal reporting mechanism.
Confidentiality: The identity of the person making the internal report is kept confidential to the extent permitted by law.
No Tipping-Off: Under no circumstances should a customer or any third party be informed that a report has been made or that their activities are under suspicion. Tipping-off is a serious offense.


7.3. External Reporting Procedure

Compliance Officer Responsibility: The Compliance Officer is solely responsible for determining whether a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) needs to be filed with the relevant FIU.
Timeliness: SARs/STRs are filed promptly, typically within a few business days, once a suspicion has been formed and confirmed through investigation.
Content: Reports include all relevant information, such as customer details, transaction specifics, the nature of the suspicion, and any supporting documentation.


8. Record Keeping

Ognimohub maintains comprehensive and accurate records of all transactions, customer identification data, and AML-related activities in accordance with regulatory requirements.


8.1. Retention Periods

Records are retained for a minimum period as prescribed by applicable laws and regulations (typically 5-7 years after the business relationship ends or the transaction is completed). This includes:
  • Customer identification and verification documents.
  • Transaction records (date, amount, parties, type of transaction).
  • Records of customer due diligence performed.
  • Internal and external suspicious activity reports.
  • Records of AML training provided to employees.
  • Records of risk assessments and policy updates.


8.2. Accessibility and Security

Records are stored securely, whether in physical or electronic format, to prevent unauthorized access, alteration, or destruction. They must be readily retrievable by the Compliance Officer and accessible to regulatory authorities upon request. Data protection and privacy regulations (e.g., GDPR, CCPA) are strictly adhered to in the storage and handling of all records.


9. Training and Awareness

A well-trained and aware workforce is critical to the effectiveness of Ognimohub's AML program.


9.1. Mandatory Training

All Ognimohub employees, contractors, and agents are required to undergo mandatory AML/CFT training.
  • Initial Training: Provided to all new hires during their onboarding process.
  • Refresher Training: Conducted at least annually for all personnel.
  • Role-Specific Training: Tailored training for employees in high-risk functions (e.g., customer service, compliance, operations) focusing on specific risks and responsibilities relevant to their roles.


9.2. Training Content

Training covers:
  • The legal and regulatory obligations of Ognimohub regarding AML/CFT.
  • The risks of money laundering and terrorist financing relevant to Ognimohub's business.
  • Ognimohub's internal AML policies and procedures, including CDD, transaction monitoring, and SAR reporting.
  • How to identify red flags and suspicious activities.
  • The "no tipping-off" rule.
  • The role and responsibilities of the Compliance Officer.


9.3. Awareness Campaigns

Regular internal communications, newsletters, and reminders are used to reinforce AML awareness and highlight emerging risks or regulatory changes.

10. Compliance Officer and Governance

Ognimohub has appointed a dedicated Compliance Officer responsible for overseeing the implementation and effectiveness of this AML policy.


10.1. Role and Responsibilities of the Compliance Officer

The Compliance Officer (or an equivalent designated individual/team) holds a senior management position with sufficient authority and resources to fulfill their duties. Their responsibilities include:
  • Developing, implementing, and maintaining Ognimohub's AML/CFT policies and procedures.
  • Overseeing the Enterprise-Wide Risk Assessment.
  • Acting as the primary point of contact for all AML-related inquiries from employees, regulators, and law enforcement.
  • Receiving and investigating internal suspicious activity reports.
  • Making determinations on external SAR/STR filings and submitting them to the FIU.
  • Ensuring compliance with sanctions regimes.
  • Managing and overseeing the transaction monitoring system.
  • Developing and delivering AML training programs.
  • Monitoring changes in AML/CFT laws and regulations and updating policies accordingly.
  • Reporting to senior management and the Board of Directors on the effectiveness of the AML program.
  • Coordinating internal and external audits of the AML program.

10.2. Board and Senior Management Oversight

The Board of Directors and Senior Management of Ognimohub are ultimately responsible for ensuring that the company has an effective AML program. Their responsibilities include:
  • Approving the AML policy and significant changes thereto.
  • Providing adequate resources for the Compliance function.
  • Receiving regular reports from the Compliance Officer on AML risks, compliance performance, and significant issues.
  • Fostering a strong culture of compliance throughout the organization.


11. Agent and Merchant Management

Given Ognimohub's model involving agents for cash-in/cash-out and merchants for payment collection, specific AML controls are applied to these relationships.


11.1. Agent Due Diligence

  • Enhanced Onboarding: Agents undergo rigorous CDD, often including EDD, given their direct interaction with cash and potential for misuse. This includes background checks, credit checks, and verification of business premises.
  • Contractual Obligations: Agent agreements explicitly outline their AML responsibilities, including adherence to Ognimohub's AML policy, proper customer identification, record-keeping, and reporting of suspicious activities.
  • Training: Agents receive mandatory AML training specific to their roles, focusing on identifying red flags in cash transactions and customer interactions.
  • Monitoring: Agent activities are closely monitored for unusual transaction patterns, high volumes of cash transactions, or deviations from expected business profiles.


11.2. Merchant Due Diligence

  • Onboarding: Merchants undergo CDD, including verification of business registration, beneficial ownership, and business activity.
  • Risk Assessment: Merchants are risk-rated based on their industry, transaction volume, average transaction value, and geographic location. High-risk merchants (e.g., those in high-risk industries or with a history of chargebacks) receive EDD.
  • Transaction Monitoring: Merchant transactions are monitored for unusual patterns, such as sudden spikes in transaction volume, high refund rates, or transactions inconsistent with their declared business.
  • Prohibited Businesses: Ognimohub maintains a list of prohibited business categories that are deemed too high-risk for our services (e.g., illegal gambling, illicit drugs, child pornography, pyramid schemes).


12. Technology and API Security

As a technology-driven platform heavily reliant on API integrations, Ognimohub recognizes the critical role of technology and API security in its AML framework.


12.1. Secure API Integrations

  • Partner Due Diligence: Ognimohub conducts due diligence on all fintech and PSP partners to ensure they have robust AML/CFT controls and secure API practices.
  • Data Encryption: All data exchanged via APIs is encrypted using industry-standard protocols (e.g., TLS 1.3) to protect sensitive information during transit.
  • Authentication and Authorization: Strong authentication mechanisms (e.g., OAuth 2.0, API keys with strict access controls) are implemented for all API access. Access is granted on a least-privilege basis.
  • API Monitoring: APIs are continuously monitored for unusual access patterns, potential breaches, or unauthorized activity.


12.2. Data Integrity and Audit Trails

Immutable Records: Ognimohub's systems are designed to ensure the integrity of transaction data and customer records, with robust audit trails that log all activities, changes, and access attempts.
Data Backup and Recovery: Regular backups are performed, and a disaster recovery plan is in place to ensure business continuity and data availability.


12.3. Cybersecurity Measures

Vulnerability Management: Regular vulnerability assessments and penetration testing are conducted on Ognimohub's systems and applications.
Access Controls: Strict access controls are implemented to limit access to sensitive systems and data to authorized personnel only.
Incident Response Plan: A comprehensive incident response plan is in place to address and mitigate the impact of any cybersecurity incidents or data breaches.


13. Internal Controls and Audit

Ognimohub maintains a system of robust internal controls to ensure the effectiveness of its AML program.


13.1. Internal Audit

The internal audit function (or an independent third party) conducts periodic, independent reviews of Ognimohub's AML program to assess its effectiveness, identify weaknesses, and recommend improvements. Audit findings are reported to senior management and the Board.


13.2. Compliance Testing

Regular compliance testing is performed by the Compliance Officer or designated team members to ensure that policies and procedures are being followed in practice. This includes reviewing CDD files, transaction monitoring alerts, and SAR filings.


13.3. Policy Review and Updates

This AML policy and all associated procedures are reviewed at least annually by the Compliance Officer and approved by senior management. Updates are made as necessary to reflect changes in regulations, business operations, or identified risks.


14. Cooperation with Authorities

Ognimohub is committed to cooperating fully with all relevant regulatory authorities and law enforcement agencies in their efforts to combat financial crime.


14.1. Information Sharing

Upon receipt of a lawful request (e.g., subpoena, court order) from a competent authority, Ognimohub will provide the requested information in a timely and secure manner, in accordance with applicable laws and data protection regulations.


14.2. Freezing of Funds

In cases where Ognimohub receives a legally binding order to freeze funds or assets, it will comply immediately and report the action to the issuing authority.


15. Policy Enforcement and Disciplinary Actions

Adherence to this AML policy is mandatory for all Ognimohub personnel. Any violation of this policy may result in disciplinary action, up to and including termination of employment or contract, and may also lead to civil or criminal penalties. Ognimohub will not tolerate any form of retaliation against individuals who report suspicious activities in good faith.

This policy is a living document and will be reviewed and updated periodically to ensure its continued effectiveness and compliance with evolving regulatory requirements and best practices.
