image

KYC & AML Policy

Effective Date: January 1, 2026

1. Introduction and Policy Statement

Ognimohub is committed to preventing its services from being used for money laundering, terrorist financing, fraud, or any other illicit financial activities. This Anti-Money Laundering (AML) and Know Your Customer (KYC) Policy outlines the framework, procedures, and controls implemented by Ognimohub to detect, prevent, and report such activities, ensuring compliance with all applicable laws and regulations in the jurisdictions where Ognimohub operates. This policy applies to all Ognimohub employees, agents, contractors, and services, including the Website, User App, Agent App, and Merchant App.

Money laundering is the process of concealing the origins of illegally obtained money, typically by means of transfers involving foreign banks or legitimate businesses. Terrorist financing involves providing financial support to terrorists or terrorist organizations. Both pose significant threats to the integrity of the global financial system and national security. Ognimohub recognizes its critical role in combating these threats and is dedicated to maintaining the highest standards of compliance.


Our Commitment: Ognimohub is dedicated to:

  • Adhering to all relevant AML/KYC laws, regulations, and guidelines, including those issued by financial intelligence units (FIUs) and regulatory bodies.
  • Implementing robust internal controls and procedures to mitigate the risks of money laundering and terrorist financing.
  • Conducting thorough customer due diligence (CDD) and enhanced due diligence (EDD) where appropriate.
  • Monitoring transactions for suspicious activities and reporting them to the relevant authorities.
  • Providing ongoing training to all relevant personnel on AML/KYC policies and procedures.
  • Cooperating fully with law enforcement and regulatory agencies.


2. Regulatory Framework and Scope

Ognimohub operates within a complex global regulatory landscape. This policy is designed to align with international standards and best practices, including recommendations from the Financial Action Task Force (FATF), and to be adaptable to specific national laws and regulations.


2.1. Applicable Laws and Regulations

Ognimohub acknowledges and commits to complying with, but not limited to, the following types of regulations in its operational jurisdictions:

  • Anti-Money Laundering (AML) Acts: National laws that criminalize money laundering and establish reporting obligations for financial institutions.
  • Counter-Terrorist Financing (CTF) Laws: Legislation aimed at preventing the financing of terrorist activities.
  • Know Your Customer (KYC) Regulations: Rules requiring financial institutions to verify the identity of their customers.
  • Data Protection and Privacy Laws: Regulations governing the collection, storage, and processing of personal data, such as the General Data Protection Regulation (GDPR) and similar national laws.
  • Sanctions Regimes: Regulations imposing restrictions on financial transactions with certain individuals, entities, or countries including OFAC sanctions, UN sanctions, etc.
  • Payment Services Directives (PSD2) or similar payment regulations: Regulations governing payment services and electronic money.

Specific Jurisdictional Compliance: Ognimohub will maintain a comprehensive list of all specific AML/KYC laws and regulations applicable in each jurisdiction where it operates or offers services. This list will be regularly reviewed and updated to reflect any changes in the regulatory environment. In Kenya, Ognimohub complies with the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and its associated regulations, as well as guidelines issued by the Central Bank of Kenya (CBK) and the Financial Reporting Centre (FRC).


2.2. Scope of Application

This policy applies to:

  • All Ognimohub services and products: Including but not limited to mobile financial services, payment processing, money transfers, virtual card management, microfinance, and investment features.
  • All Ognimohub customers: Including individual users, agents, and merchants.
  • All Ognimohub employees, agents, and contractors: Who are involved in customer onboarding, transaction processing, or any other activity that may expose Ognimohub to AML/CTF risks.
  • All Ognimohub systems and platforms: Including the Website, User App, Agent App, Merchant App, and any underlying infrastructure.


3. Risk-Based Approach (RBA)

Ognimohub adopts a risk-based approach (RBA) to AML/KYC, which allows for the allocation of resources in a manner commensurate with the identified risks. This means that the intensity of CDD measures will vary depending on the level of risk associated with a particular customer, product, service, or geographic location.


3.1. Risk Assessment

Ognimohub will conduct regular and comprehensive risk assessments to identify, evaluate, and understand its money laundering and terrorist financing risks. This assessment will consider:

  • Customer Risk: Factors such as the customer's identity (e.g., individual, corporate, politically exposed person (PEP)), occupation, source of funds/wealth, and geographic location.
  • Product/Service Risk: The inherent risk associated with Ognimohub's offerings (e.g., high-value transactions, cross-border payments, anonymity features).
  • Geographic Risk: The risk associated with countries or regions identified as high-risk by credible sources (e.g., FATF Public Statement, OFAC sanctions lists).
  • Delivery Channel Risk: The risk associated with how services are delivered (e.g., online-only, agent network).

The risk assessment will be documented, reviewed at least annually, and updated whenever there are significant changes to Ognimohub's business model, customer base, products, or the regulatory environment.


3.2. Risk Categorization

Based on the risk assessment, Ognimohub will categorize customers and transactions into different risk levels (e.g., Low, Medium, High). This categorization will inform the level of due diligence required:

  • Low Risk: Requires standard CDD procedures.
  • Medium Risk: May require additional CDD measures or more frequent monitoring.
  • High Risk: Requires Enhanced Due Diligence (EDD) and continuous, intensified monitoring.


4. Customer Due Diligence (CDD)

Customer Due Diligence (CDD) is a cornerstone of Ognimohub's AML/KYC framework. It involves identifying and verifying the identity of customers and understanding the nature and purpose of their business relationship with Ognimohub.


4.1. Identity Verification Requirements

Ognimohub will collect and verify the following information for different customer types:


4.1.1. Individual Users

  • Name: Full legal name.
  • Date of Birth: To confirm legal age.
  • Nationality: To assess geographic risk.
  • Residential Address: Proof of address (e.g., utility bill, bank statement).
  • Identification Document: A valid, government-issued identification document (e.g., national ID card, passport, driver's license). This document must be verified for authenticity and validity.
  • Phone Number: Verified through SMS or call.
  • Email Address: Verified through email confirmation.
  • Selfie/Liveness Check: For enhanced verification and to prevent identity fraud.

Data Collected (as per Ognimohub's data policy): Name, Email address, User IDs, Address, Phone number, Photos (for selfie/liveness).


4.1.2. Agents

In addition to individual user requirements for the agent's principal, Ognimohub will collect:

  • Business Name (if applicable): Legal name of the agent's business.
  • Business Registration Documents: Certificate of incorporation, business permits (if applicable).
  • Business Address: Physical location of the agent's operation.
  • Proof of Agent Status: Documentation confirming their authorization to act as an agent.
  • Bank Account Details: For settlement purposes.
  • Beneficial Ownership Information: If the agent is a legal entity, identification of individuals who ultimately own or control the entity.


4.1.3. Merchants

  • Legal Entity Name: Full legal name of the business.
  • Business Registration Documents: Certificate of incorporation, business licenses, tax registration certificates.
  • Registered Address and Operational Address: Physical locations.
  • Tax Identification Number (TIN): Or equivalent.
  • Bank Account Details: For settlement of transactions.
  • Website/App URL (if applicable): To understand the nature of the business.
  • Nature of Business: Description of goods/services offered.
  • Beneficial Ownership Information: Identification of individuals who ultimately own or control the merchant entity (typically 25% or more ownership, or control through other means).
  • Identification of Directors/Senior Management: Names and identification documents of key personnel.


4.2. Verification Procedures

Ognimohub will employ reliable, independent source documents, data, or information to verify the identity of its customers.

  • Documentary Verification: Obtaining and verifying copies of official documents (e.g., passports, national ID cards, business registration certificates). Ognimohub will utilize technology to check for document authenticity, tampering, and expiry.
  • Non-Documentary Verification: Using reliable public databases, credit bureaus, or other independent sources to cross-reference information provided by the customer.
  • Biometric Verification: Utilizing facial recognition and liveness detection technologies for individual users to confirm the person presenting the ID is the legitimate owner.
  • Proof of Address: Verification through utility bills, bank statements, or government-issued documents showing the customer's residential address.
  • Source of Funds/Wealth: For higher-risk customers or transactions, Ognimohub may request information and documentation regarding the source of funds or wealth.


4.3. Ongoing Due Diligence

CDD is not a one-time event. Ognimohub will conduct ongoing due diligence to ensure that customer information remains current and that transactions are consistent with Ognimohub's knowledge of the customer, their business, and their risk profile. This includes:

  • Regular Reviews: Periodically reviewing customer information, especially for higher-risk customers.
  • Event-Driven Reviews: Triggering reviews when there are changes in customer behavior, transaction patterns, or when new information suggests a change in risk profile.
  • Monitoring for Changes: Monitoring for changes in beneficial ownership, directorships, or business activities for corporate customers.


5. Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) is applied to customers or transactions identified as high-risk. The purpose of EDD is to obtain additional information and implement more stringent controls to mitigate the heightened risk of money laundering or terrorist financing.


5.1. Triggers for EDD

EDD will be triggered by, but not limited to, the following factors:

  • Politically Exposed Persons (PEPs): Individuals who are or have been entrusted with prominent public functions, their family members, or close associates.
  • High-Risk Jurisdictions: Customers or transactions involving countries identified by FATF or other credible sources as having strategic AML/CTF deficiencies or being subject to sanctions.
  • Unusual or Complex Transactions: Transactions that appear to have no clear economic or lawful purpose.
  • High-Value Transactions: Transactions exceeding predefined thresholds.
  • Negative Media Information: Adverse information found about a customer through public searches.
  • Customers with Opaque Ownership Structures: Entities where the beneficial owners are difficult to identify.
  • New Technologies/Products with Higher Risk: Adoption of new technologies or products that may present higher inherent AML/CTF risks.


5.2. EDD Measures

When EDD is triggered, Ognimohub will implement one or more of the following measures:

  • Obtaining Additional Identification Information: Requesting more documents or verifying identity through multiple independent sources.
  • Understanding Source of Funds/Wealth: Requiring detailed documentation and explanation for the source of funds or wealth involved in transactions.
  • Obtaining Information on the Purpose and Intended Nature of the Business Relationship: A deeper understanding of why the customer wants to use Ognimohub's services and their expected transaction patterns.
  • Increased Monitoring: Implementing more frequent and rigorous monitoring of transactions and account activity.
  • Requiring Senior Management Approval: Obtaining approval from senior management for establishing or continuing relationships with high-risk customers.
  • Conducting On-Site Visits: For high-risk corporate customers or agents, conducting physical visits to verify operations.
  • Enhanced Background Checks: Utilizing specialized third-party services to conduct more extensive background checks, including sanctions screening, PEP screening, and adverse media checks.


6. Transaction Monitoring

Ognimohub will implement a robust transaction monitoring system to detect and report suspicious activities. This involves analyzing customer transactions against their expected behavior, risk profile, and predefined rules and scenarios.


6.1. Automated Monitoring Systems

Ognimohub will utilize automated transaction monitoring systems capable of:

  • Real-time and Post-transaction Analysis: Monitoring transactions as they occur and reviewing historical data.
  • Rule-Based Scenarios: Implementing predefined rules to flag transactions that deviate from normal patterns (e.g., large cash deposits/withdrawals, frequent small transactions followed by a large one, transactions to/from high-risk jurisdictions).
  • Behavioral Analytics: Identifying unusual patterns of activity that do not fit a customer's historical profile.
  • Threshold-Based Alerts: Generating alerts for transactions exceeding specific monetary limits.


6.2. Manual Review and Investigation

Alerts generated by the automated system will be subject to manual review by trained AML officers. This review will involve:

  • Gathering Additional Information: Collecting all relevant customer and transaction data.
  • Analyzing Transaction Patterns: Investigating the context and purpose of flagged transactions.
  • Comparing with Customer Profile: Assessing whether the transaction is consistent with the customer's known activity and risk profile.
  • Documenting Findings: Maintaining detailed records of the investigation, including the rationale for any decisions made.


6.3. Red Flags

Ognimohub will train its personnel to recognize and report "red flags" that may indicate suspicious activity. These include, but are not limited to:

  • Unusual Transaction Patterns: Sudden increase in transaction volume or value, frequent transactions just below reporting thresholds, transactions inconsistent with the customer's known business or financial profile.
  • Geographic Anomalies: Transactions involving high-risk jurisdictions without a clear business rationale.
  • Customer Behavior: Reluctance to provide information, providing false or misleading information, unusual urgency, or attempts to avoid reporting requirements.
  • Structuring: Breaking down large transactions into smaller ones to avoid detection or reporting thresholds.
  • Use of Multiple Accounts: Using numerous accounts for a single purpose.
  • Complex or Opaque Transactions: Transactions with no apparent economic or legitimate purpose.
  • Negative News: Adverse media reports linking a customer to illicit activities.


7. Suspicious Activity Reporting (SAR) / Suspicious Transaction Reporting (STR)

When, as a result of transaction monitoring or any other means, Ognimohub forms a suspicion that funds are the proceeds of criminal activity or are linked to terrorist financing, it will promptly file a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) with the relevant Financial Intelligence Unit (FIU) or designated authority.


7.1. Reporting Procedures

  • Internal Reporting: Any employee who identifies a red flag or suspects money laundering/terrorist financing must immediately report their concerns to the designated Money Laundering Reporting Officer (MLRO) or their deputy.
  • MLRO Investigation: The MLRO will conduct a thorough investigation into the internal report, gathering all relevant information and documentation.
  • Decision to Report: Based on the investigation, the MLRO will decide whether there are reasonable grounds to suspect money laundering or terrorist financing.
  • External Reporting: If a suspicion is formed, the MLRO will prepare and submit an SAR/STR to the FIU within the legally mandated timeframe.
  • No Tipping Off: Ognimohub and its employees will strictly adhere to the "no tipping off" rule, meaning they will not inform the customer or any third party that an SAR/STR has been filed or that an investigation is underway.


7.2. Record Keeping

All internal reports, investigations, and SAR/STR filings will be meticulously documented and retained for a minimum period as required by applicable regulations (typically 5-7 years).


8. Sanctions Screening

Ognimohub will implement robust sanctions screening procedures to ensure compliance with international and national sanctions regimes.


8.1. Screening Process

  • Customer Screening: All new and existing customers (individuals, agents, merchants, and their beneficial owners/directors) will be screened against relevant sanctions lists (e.g., OFAC Specially Designated Nationals (SDN) List, UN Security Council Consolidated List, EU Consolidated List, national sanctions lists).
  • Transaction Screening: Transactions, particularly cross-border payments, will be screened against sanctions lists to identify any involvement of sanctioned individuals, entities, or jurisdictions.
  • Automated Screening Tools: Ognimohub will utilize automated screening tools that integrate with global sanctions databases to perform real-time or batch screening.
  • False Positives: A process will be in place to investigate and resolve potential matches (false positives) generated by the screening system.


8.2. Actions on Sanctions Matches

If a true match to a sanctioned individual, entity, or jurisdiction is identified:

  • Immediate Freezing: The account or transaction will be immediately frozen, and no further transactions will be processed.
  • Reporting: The match will be reported to the relevant regulatory authorities (e.g., FIU, sanctions authority) without delay.
  • Internal Escalation: The incident will be immediately escalated to the MLRO and senior management.
  • Legal Counsel: Legal counsel will be consulted to determine the appropriate course of action in accordance with applicable sanctions laws.


9. Data Management and Record Keeping

Ognimohub is committed to maintaining accurate and comprehensive records of all AML/KYC-related activities in accordance with data protection laws and regulatory requirements.


9.1. Data Collected (as per Ognimohub's data policy)

Ognimohub collects the following data for AML/KYC and operational purposes:

  • Files and Docs: For app functionality.
  • Financial Info: User payment info, Purchase history, Credit score (for app functionality, fraud prevention, security, compliance, account management).
  • Personal Info: Name, Email address, User IDs, Address, Phone number (for app functionality, developer communications, fraud prevention, security, compliance, account management).
  • Messages: Emails, SMS or MMS, Other in-app messages (optional, for app functionality, advertising/marketing, account management).
  • App Info and Performance: Crash logs, Diagnostics, Other app performance data (for analytics, fraud prevention, security, compliance).
  • App Activity: App interactions, In-app search history (optional, for app functionality, analytics).
  • Contacts: (Optional, for app functionality).
  • Photos and Videos: Photos (optional, for app functionality, account management).


9.2. Record Retention

All records related to customer identification, verification, risk assessments, transaction monitoring, internal reports, SAR/STR filings, and sanctions screening will be retained for a minimum period of five (5) years from the date the business relationship ends or from the date of the transaction, or longer if required by specific jurisdictional laws.


9.3. Data Security and Privacy

  • Encryption: Data is encrypted in transit, ensuring secure transmission over a secure connection.
  • Access Control: Access to AML/KYC data will be strictly limited to authorized personnel on a need-to-know basis.
  • Data Deletion Request: Ognimohub provides a mechanism for users to request data deletion, subject to legal and regulatory retention obligations.
  • No Data Sharing with Third Parties: Ognimohub explicitly states that it does not share user data with other companies or organizations, which is a critical aspect of data privacy and trust. This commitment must be strictly adhered to, especially concerning AML/KYC data.


10. Internal Controls and Governance

Effective AML/KYC compliance requires robust internal controls and a clear governance structure.


10.1. Money Laundering Reporting Officer (MLRO)

Ognimohub will appoint a qualified and experienced Money Laundering Reporting Officer (MLRO) with sufficient authority and resources to oversee the implementation and enforcement of this policy. The MLRO's responsibilities include:

  • Developing and maintaining the AML/KYC policy and procedures.
  • Receiving and investigating internal suspicious activity reports.
  • Deciding whether to file an SAR/STR with the FIU.
  • Acting as the primary point of contact for regulatory authorities.
  • Ensuring ongoing compliance with AML/KYC laws and regulations.
  • Providing regular reports to senior management and the board of directors.
  • Overseeing AML/KYC training programs.


10.2. Senior Management Oversight

Senior management and the board of directors are ultimately responsible for ensuring Ognimohub's compliance with AML/KYC obligations. They will:

  • Approve the AML/KYC policy.
  • Provide adequate resources for the AML/KYC program.
  • Receive regular reports from the MLRO.
  • Foster a strong culture of compliance within the organization.


10.3. Internal Audit

Ognimohub will establish an independent internal audit function to periodically review and test the effectiveness of its AML/KYC program. The internal audit will:

  • Assess compliance with internal policies and external regulations.
  • Identify weaknesses or deficiencies in controls.
  • Recommend corrective actions.
  • Report findings directly to senior management and the board.


11. Training and Awareness

All Ognimohub employees, agents, and contractors involved in customer-facing roles, transaction processing, or AML/KYC compliance will receive comprehensive and ongoing training.



11.1. Training Program

The training program will cover:

  • The importance of AML/KYC: Understanding the risks of money laundering and terrorist financing.
  • Ognimohub's AML/KYC Policy: Detailed explanation of procedures, roles, and responsibilities.
  • Customer Due Diligence: How to identify and verify customers.
  • Transaction Monitoring: Recognizing red flags and suspicious activities.
  • Reporting Procedures: How to make internal reports and the "no tipping off" rule.
  • Sanctions Compliance: Understanding sanctions lists and screening procedures.
  • Data Protection: Handling customer data in compliance with privacy laws.
  • Updates: Regular updates on new regulations, typologies, and best practices.


11.2. Frequency of Training

  • Initial Training: All new employees, agents, and contractors will receive AML/KYC training upon joining Ognimohub.
  • Refresher Training: Annual refresher training will be provided to all relevant personnel.
  • Ad-hoc Training: Additional training will be provided as needed, for example, when there are significant changes in regulations, products, or identified risks.


12. Technology and Systems

Ognimohub leverages technology to enhance its AML/KYC capabilities and ensure efficient and effective compliance.


12.1. Integrated Solutions

Ognimohub's platform, including the User App, Agent App, and Merchant App, will integrate with specialized AML/KYC technology solutions for:

  • Identity Verification (IDV): Automated document verification, biometric checks, and liveness detection.
  • Sanctions and PEP Screening: Real-time screening against global databases.
  • Transaction Monitoring Systems: Rule-based and AI-driven analytics for suspicious activity detection.
  • Case Management Systems: For managing alerts, investigations, and SAR/STR filings.


12.2. API Integrations

Ognimohub's advanced integrations with leading FinTech and Payment Service Provider (PSP) APIs will be carefully managed to ensure that all third-party services comply with Ognimohub's AML/KYC standards and regulatory requirements. Due diligence will be performed on all third-party providers to assess their AML/KYC controls.


13. Compliance with Platform Requirements (Google, Apple, etc.)

Ognimohub recognizes the importance of complying with the terms and conditions, as well as the legal and policy requirements, of major app stores and platforms such as Google Play Store, Apple App Store, and Microsoft Store. These platforms often have specific requirements related to user data privacy, security, and financial services.


13.1. Data Privacy and Security

Ognimohub's commitment to "No data shared with third parties" and "Data is encrypted in transit" directly addresses key platform requirements for user data protection. The detailed data collection practices outlined in Ognimohub's data policy will be transparently communicated to users through privacy policies within the apps, adhering to platform guidelines.


13.2. Financial Services Compliance

Platforms require financial apps to comply with all applicable laws and regulations. Ognimohub's robust AML/KYC policy demonstrates our commitment to regulatory compliance, which is essential for approval and continued operation on these platforms. This includes:

  • Clear Disclosure: Transparently disclosing all financial services offered and any associated terms and conditions.
  • Regulatory Approvals: Ensuring Ognimohub holds all necessary licenses and approvals to offer financial services in its operating jurisdictions.
  • Fraud Prevention: Implementing strong fraud prevention measures, which are often a focus for platform security.


13.3. User Experience and Trust

A strong AML/KYC framework contributes to a secure and trustworthy user experience, which is highly valued by platforms. By preventing illicit activities, Ognimohub protects its users and maintains the integrity of its services, aligning with the platforms' goals of providing safe and reliable applications.


14. Policy Review and Updates

This AML/KYC Policy will be reviewed at least annually by the MLRO and senior management to ensure its continued effectiveness, relevance, and compliance with evolving legal and regulatory requirements, as well as changes in Ognimohub's business operations or risk profile. Any necessary updates will be approved by senior management and communicated to all relevant personnel.


15. Contact Information

For any questions regarding this AML/KYC Policy or to report suspicious activities, please contact:

Address: PR89+2WP, Pioneer House, Kenyatta Avenue, Nairobi, Kenya

Email: support@ognimohub.com

Phone: +254 745 497444

This site uses cookies

We may utilize cookies when you access our website, including any related media platforms or mobile applications. These technologies are employed to enhance site functionality and optimize your interactions with our services.

View More