LEGAL

AML policy

Effective date: 1st August 2024

1. Purpose

This policy document outlines the standards, procedures, and controls that Northquest  Finance Company must adhere to in order to comply with the Central Bank of Nigeria  (CBN) regulations regarding Anti-Money Laundering (AML), Countering the Financing of  Terrorism (CFT), and Countering the Financing of Proliferation (CPF). The purpose is to  safeguard the company from being used for illegal activities such as money laundering,  terrorism financing, or the proliferation of weapons of mass destruction, and to ensure that  Northquest operates with integrity and in full compliance with all relevant legal  requirements.

2. Scope

This policy applies to all departments, business units, employees, directors, officers,  agents, and any other representatives of Northquest Finance Company. It governs all  customer interactions, from onboarding to transaction monitoring, and applies to all types  of customers, including individuals, corporate entities, and other organizations.

3. Definitions

To ensure clarity and consistency, the following terms are defined:

  • KYC (Know Your Customer): A process that involves verifying the identity,  background, and risk profile of customers before and during the business  relationship.
  • AML (Anti-Money Laundering): Policies and procedures designed to prevent, detect,  and report money laundering activities.
  • CFT (Countering the Financing of Terrorism): Efforts aimed at preventing and  detecting the financing of terrorist activities.
  • CPF (Countering the Financing of Proliferation): Measures taken to prevent and  detect the financing of the proliferation of weapons of mass destruction.
  • Customer Due Diligence (CDD): The process of gathering and verifying information  about a customer to assess the level of risk they pose.
  • Enhanced Due Diligence (EDD): A more thorough level of due diligence applied to  customers who present a higher risk.
  • Bank Verification Number (BVN): is a unique identification number issued by the  Central Bank of Nigeria (CBN) to individuals with bank accounts in Nigeria. It is used  as a means of verifying the identity of customers across all Nigerian banks, ensuring  that a single individual does not have multiple identities within the banking system.
  • Politically Exposed Persons (PEPs): Individuals who hold prominent public functions,  as well as their immediate family members and close associates.
  • Suspicious Activity Report (SAR): A report filed with the Nigerian Financial  Intelligence Unit (NFIU) when a transaction or activity is suspected of being related  to money laundering, terrorism financing, or other illegal activities.

4. Policy Statement

Northquest Finance Company Limited is committed to maintaining the highest standards of  compliance with all applicable laws and regulations regarding AML, CFT, and CPF. The  company will not engage in or facilitate any activities that could be associated with money  laundering, terrorism financing, or proliferation financing. All employees are required to  adhere strictly to the procedures outlined in this document and to remain vigilant in identifying  and reporting suspicious activities.

5. KYC Procedures

5.1 Customer Identification

The first step in the KYC process is to establish and verify the identity of the customer:

5.1.1 Individual Customers:

  • Obtain and verify the customer’s full name, date of birth, address, BVN, and a  valid government-issued photo ID (such as a National ID, Driver’s License,  Voters card, or International Passport).
  • Verify the provided information against third-party databases and watchlists (such as SMILE ID, NIBSS etc.).
  • Verify the customer's identity by confirming their Bank Verification Number  (BVN) against the relevant database to ensure authenticity.

5.1.2 Corporate Customers

  • Collect and verify the company’s CAC documents which includes Certificate of  Incorporation, Allotment of shares, Particulars of Directors, Memorandum and  Articles of Association, and other relevant legal documentation.
  • Identify and verify the identity and BVN of key stakeholders, such as directors  and beneficial owners, using similar procedures as for individual customers. ▪ Conduct a risk assessment to determine the nature and purpose of the business  relationship.

5.2 Customer Due Diligence (CDD): CDD involves the collection of additional information about the customer’s activities and  the purpose of the business relationship:

5.2.1 Conduct CDD at the outset of the business relationship and update it  periodically, based on the customer’s risk profile.

5.2.2 For low-risk customers, CDD may involve only the collection of basic  information and monitoring of transactions.

5.2.3 For high-risk customers (such as PEPs), Enhanced Due Diligence (EDD) must be  applied. This may include gathering more detailed information, continuous  monitoring, and obtaining approval from senior management before entering  into a business relationship.

5.3 Onboarding Process: The onboarding process involves:

5.3.1 Completion of the KYC form by the customer, providing all necessary  identification and documentation.

5.3.2 Verification of the provided information against external databases, sanctions  lists, and watchlists.

5.3.3 Approval of the onboarding by the Compliance Officer, especially for high-risk  customers.

5.3.4 Establishing a customer risk profile based on the information collected during  onboarding. ‍

5.4 Ongoing Monitoring: Continuous monitoring of customer activities is essential to detect any unusual or  suspicious behavior:

5.4.1 Transaction Monitoring: Implement automated systems to monitor transactions  and flag any that are inconsistent with the customer’s risk profile.

5.4.2 Regular Updates: Regularly review and update customer information,  especially for high-risk customers or those involved in large or complex  transactions.

5.4.3 Review Alerts: Investigate any alerts generated by the monitoring systems and  determine if a Suspicious Activity Report (SAR) is required.

6. AML/CFT/CPF Procedures

6.1 Risk Assessment: The risk assessment process is central to effective AML/CFT/CPF compliance:

6.1.1 Perform a comprehensive risk assessment to identify potential AML/CFT/CPF  risks associated with different types of customers, products, services, and  geographic locations.

6.1.2 Classify customers into risk categories (low, medium, high) based on factors  such as the nature of the business, transaction patterns, and geographic risk.

6.1.3 Update the risk assessment at least annually or when there are significant  changes in the customer’s behavior or circumstances.

6.2 Reporting of Suspicious Activities: Timely reporting of suspicious activities is crucial;

6.2.1 All employees are required to immediately report any suspicious activities or  transactions to the Compliance Officer, using the internal reporting mechanism. 6.2.2 The Compliance Officer is responsible for analyzing the report and, if necessary,  filing a SAR with the Nigerian Financial Intelligence Unit (NFIU) within the  timeframe required by law.

6.2.3 Maintain confidentiality of the SAR process, ensuring that the customer or other  parties involved are not informed of the report.

6.3 Record Keeping: Proper record-keeping is essential for both compliance and audit purposes:

6.3.1 Maintain all records related to KYC, CDD, and transactions for a minimum of  five years from the date of the transaction or the termination of the business  relationship, whichever is later.

6.3.2 Records should include copies of all identification documents, transaction  records, communication logs, and SARs.

6.3.3 Ensure that records are stored securely and can be accessed quickly if needed  for an audit or investigation.

6.4 Employee Training: Regular training ensures that all staff members are equipped to comply with  AML/CFT/CPF regulations;

6.4.1 Provide AML/CFT/CPF training to all employees at least once a year, with  additional training for new hires and those in high-risk positions.

6.4.2 Training should cover key topics such as the identification of suspicious  activities, the use of transaction monitoring tools, reporting procedures, and  updates on CBN regulations.

6.4.3 Track attendance and performance in training sessions to ensure that all  employees meet the required standards.

7. Roles and Responsibilities

Clear delineation of roles ensures effective implementation of the AML/CFT/CPF policy:

7.1 Board of Directors:

  • Oversee the implementation and effectiveness of the AML/CFT/CPF program. ▪ Ensure that adequate resources are allocated for compliance efforts. ▪ Review and approve the policy annually or as needed.

7.2 Compliance Officer:

  • Manage the day-to-day implementation of the AML/CFT/CPF program. ▪ Conduct risk assessments, monitor transactions, and report suspicious activities. ▪ Liaise with regulatory authorities and ensure that the company complies with all  legal requirements.

7.3 Employees:

  • Adhere strictly to the procedures outlined in this policy.
  • Report any suspicious activities to the Compliance Officer.
  • Participate in regular AML/CFT/CPF training sessions.

8. Internal Controls and Audit

Internal controls and regular audits are vital to maintaining the integrity of the AML/CFT/CPF  program:

8.1 Internal Controls:

  • Implement a system of internal controls to ensure compliance with the  AML/CFT/CPF policy.
  • Regularly review the effectiveness of these controls and make adjustments as  necessary.
  • Use automated systems where possible to enhance the effectiveness of monitoring  and reporting.

8.2 Audits:

  • Conduct regular internal audits of the AML/CFT/CPF program to assess its  effectiveness.
  • Audits should include a review of customer files, transaction monitoring, and SAR  processes.
  • Findings from the audit should be reported to the Board of Directors, along with  recommendations for improvement.

9. Penalties for Non-Compliance

Non-compliance with this policy can result in severe consequences for both the company and  the individual:

9.1 Employees found to be non-compliant with the AML/CFT/CPF policy may face  disciplinary action, up to and including termination of employment.

9.2 Non-compliance may also result in legal penalties for the company, including fines,  sanctions, and damage to the company’s reputation.

9.3 The company may be required to take corrective actions, including enhanced  monitoring, additional training, or changes to internal controls.

10. Review and Amendments

To ensure that the policy remains effective and up-to-date:

10.1 This policy will be reviewed at least annually or whenever there are significant changes  in applicable laws, regulations, or the company’s operations.

10.2 Any amendments to this policy must be reviewed and approved by the Board of  Directors before implementation.

10.3 Employees will be informed of any changes to the policy and provided with updated  training if necessary.

Authorized Signatory Authorized Signatory Jerry Ehanmo Enoma Agbonifo

Appendices

Appendix A: Relevant Laws and Regulations

  • CBN AML/CFT/CPF Regulations
  • Nigerian Financial Intelligence Unit (NFIU) Guidelines
  • International AML/CFT/CPF Standards (e.g., FATF Recommendations)

Appendix B: Sample KYC Forms

  • Individual Customer KYC Form
  • Corporate Customer KYC Form
  • Politically Exposed Persons (PEPs) Identification Form

Appendix C: Contact Information for Regulatory Authorities

  • Central Bank of Nigeria (CBN): contactcbn@cbn.gov.ng , +234 817 665 7060
  • Nigerian Financial Intelligence Unit (NFIU): compliance@nfiu.gov.ng
  • Other Relevant Authorities: info@efcc.gov.ng , +234 8093322644