AML GUIDELINES

Application

This policy applies to all employees, officers, agents, and contractors of HELLO Holdings, and to all operations, products, services, and customer interactions, both in the British Virgin Islands and globally.

AML Compliance Officer

HELLO Holdings has designated Sander Gortjes as the AML Compliance Officer (AMLCO). Responsibilities include:

• Designing and maintaining the AML compliance program

• Conducting risk assessments

• Overseeing due diligence procedures

• Filing Suspicious Activity Reports (SARs)

• Providing AML training to staff

Customer Due Diligence (CDD)

HELLO Holdings will apply Customer Due Diligence (CDD) measures to all clients, including:

a. Standard CDD

• Verification of identity (full name, date of birth, nationality)

• Verification of address

• Collection of purpose and nature of the business relationship

b. Enhanced Due Diligence (EDD)

Required when:

• A client is a Politically Exposed Person (PEP)

• The business relationship or transaction presents a higher risk

• The client is from a high-risk jurisdiction

Ongoing Monitoring

Transactions and business relationships will be monitored for:

• Consistency with known customer profiles

• Unusual patterns or high-risk activity

• Changes in customer behavior or beneficial ownership

All unusual activity will be reported to the AMLCO for further review.

Recordkeeping

HELLO Holdings will maintain records of:

• Customer identification and verification

• Transactions and account activity

• Internal and external reports made

All records will be kept for at least five (5) years from the end of the business relationship, in accordance with BVI law (over a certain threshold).

Reporting Suspicious Activity

All employees are required to report suspicious transactions to the AMLCO immediately. The AMLCO will assess the report and, where necessary, submit a Suspicious Activity Report (SAR) to the Financial Investigation Agency (FIA) of the British Virgin Islands.

Staff Training

All relevant staff will receive AML training:

• At the time of hiring

• On an annual basis

• Upon any major regulatory or internal policy change

Training will include recognizing red flags, understanding reporting obligations, and compliance procedures.

Risk Assessment

HELLO Holdings conducts an annual risk assessment to identify and evaluate:

• Customer risk

• Geographic exposure

• Delivery channels and transaction types

• Emerging threats or typologies

The AML program is adjusted based on the results of this assessment.

Policy Review

This AML Policy will be reviewed and updated annually or more frequently if required due to:

• Changes in laws or regulations

• Operational or business model changes

• Findings from internal or external audits

Application

This policy applies to all high-risk customers, including:

• Politically Exposed Persons (PEPs)

• Customers from high-risk jurisdictions

• Customers involved in unusual or suspicious activities

• Customers with complex ownership structures

• Customers identified during AML screening as requiring further investigation.

Requirement

EDD will be applied when the following risk factors are identified:

• The customer is a PEP, their family members, or close associates.

• The customer is located in or has transactions linked to a high-risk jurisdiction.

• The customer’s activities or transactions appear unusual, large, or inconsistent with their stated business or personal profile.

• The customer has a complex or opaque ownership structure, such as shell companies or trusts.

• The customer’s name or business is flagged in sanction lists, adverse media, or linked to criminal activity.

Procedure

a. Client Information Verification

For all high-risk clients, the following steps must be taken:

• Full legal name, date of birth, and nationality for individuals, or legal entity details for businesses.

• Verification of the client’s residential address or business location.

• Valid identification documents (government-issued ID, passport, company registration).

• Liveness check (selfie or video verification).

• Enhanced KYC forms to capture additional background information.

b. Source of Funds (SoF) Verification

• Obtain and verify the source of funds used for the current transaction or business relationship.

• Supporting documents may include:

  • Recent bank statements or proof of income.

  • Invoices or contracts for business transactions.

  • Loan agreements, asset sales, or other financial documents.

c. Source of Wealth (SoW) Verification

• Obtain and verify the source of the client's total wealth.

• Supporting documents may include:

  • Business ownership and revenue records.

  • Tax returns or audited financial statements.

  • Evidence of real estate holdings, investments, or inheritance.

Monitoring and Review

• High-risk customers will be monitored continuously, with special attention to:

  • Unusual or large transactions that deviate from the expected pattern.

  • Inconsistent information or activities.

  • Changes in ownership or business structure.

• Customer information will be reviewed periodically (approx. 6 to 12 months) to ensure it remains accurate and up-to-date.

Approval and Escalation Process

• Any high-risk customer that requires EDD must be reviewed and signed off by the AML Compliance Officer (AMLCO).

• If necessary, the review will be escalated to senior management for further assessment and decision-making.

• For clients with ongoing high risk, the company may choose to terminate the relationship or impose restrictions.

Recordkeeping and Documentation

• All documents collected as part of the EDD process (ID verification, source of funds, source of wealth, approval records) must be securely stored for a minimum of 5 years.

• Detailed records of the EDD process and any rationale for risk assessments should be maintained.

• Files should be tagged for periodic review to ensure compliance with ongoing monitoring requirements.

Training and Awareness

All employees involved in customer onboarding, compliance, and monitoring must be trained on the following:

• Identifying and understanding high-risk clients and transactions.

• The EDD process and required documentation.

• Recognizing and reporting suspicious activity.

• Any changes to this EDD Policy and AML regulations.

Policy Review

This policy will be reviewed and updated annually, or more frequently if necessary, to ensure:

• Compliance with local and international AML regulations.

• Reflection of changes in the company’s risk profile or customer base.

• Implementation of any new technologies or processes for client screening.

Application

This policy applies to:

• All customers of HELLO Holdings

• All products and services offered

• All relevant staff involved in customer due diligence, compliance, and transaction processing

Objectives

The objectives of ongoing monitoring are to:

• Detect suspicious activity

• Identify changes in customer behavior or risk profile

• Ensure customer information remains current and accurate

• Maintain a risk-based approach to compliance

Risk-Based Approach

HELLO Holdings applies a risk-based approach to ongoing monitoring:

• High risk

  • Quarterly (or continously if needed)

• Medium risk

  • 6-12 months (as needed)

• Low risk

  • Annually (if needed)

Monitoring Activities

5.1. Transaction Monitoring

• Monitor transactions to ensure they align with the customer’s expected behavior, profile, and source of funds.

• Look for:

  • Unusually large or frequent transactions

  • Transactions to or from high-risk jurisdictions

  • Rapid movement of funds

  • Use of shell companies or complex structures

5.2. Screening

• Re-screen customers periodically against:

  • Sanction lists (OFAC, UN, EU)

  • Politically Exposed Persons (PEP) lists

  • Adverse media databases

• Screening should be automated where possible, and performed at regular intervals or upon significant changes.

5.3. Customer Information Review

• Regularly update:

  • Identity documents

  • Address or contact details

  • Ownership and control structures (for corporate clients)

  • Source of Funds (SoF) and Source of Wealth (SoW) information (especially for high-risk clients)

Escalation and Reporting

If suspicious activity is detected:

• Staff must immediately report it to the AML Compliance Officer (AMLCO).

• A decision will be made as to whether a Suspicious Activity Report (SAR) should be filed with the BVI Financial Investigation Agency (FIA).

• Further action may include:

  • Freezing the account or suspending the relationship

  • Conducting an internal investigation

  • Escalating to senior management

Use of Technology

HELLO Holdings may use automated transaction monitoring and screening systems to:

• Identify abnormal patterns

• Flag PEPs and sanctioned individuals or entities

• Maintain an audit trail for all monitoring and compliance decisions

Training and Staff Awareness

All employees involved in client-facing, compliance, and transaction roles will receive:

• Initial and annual AML/ongoing monitoring training

• Scenario-based workshops for identifying suspicious behavior

• Updates when regulations or internal policies change

Recordkeeping

• All monitoring activities, alerts, actions taken, and SARs (if filed) must be documented and stored securely for a minimum of 5 years.

• Audit logs must be maintained for all automated monitoring systems used.

Policy Review

This policy will be reviewed:

• At least annually

• After any significant regulatory or operational change

Upon request by regulators or auditors

Application

This policy applies to:

• All customers and counterparties

• All transaction types (incoming/outgoing, fiat/crypto, cross-border/local)

• All products and services offered

• All staff involved in transaction processing or monitoring

Objectives

The goals of this policy are to:

• Identify unusual or suspicious transactions

• Prevent money laundering, terrorist financing, and other financial crimes

• Ensure the effectiveness of HELLO Holdings’ risk-based AML framework

• Escalate and report concerns internally and to the BVI Financial Investigation Agency (FIA) when required

Risk-Based Monitoring

Transaction monitoring is conducted using a risk-based approach:

• High risk

  • Real-time (as close to)

• Medium risk

  • Monthly manual

• Low risk

  • Automated batch

Monitoring Triggers and Red Flags

• Large or frequent transfers inconsistent with customer profile

• Sudden increase in transaction size or volume

• Unexplained cross-border transactions

• Use of high-risk jurisdictions

• Structuring

• Use of third-party accounts

• Round-dollar or round-trip transactions

HELLO Holdings maintains an internal Red Flag Indicators List to support staff in identifying suspicious behavior.

Monitoring Methods

HELLO Holdings will use the following tools and techniques:

• Automated rules-based monitoring system for transaction pattern recognition

• Manual reviews of flagged alerts or high-risk client activity

• Real-time screening for certain high-risk customers (where applicable)

• PEP, sanctions, and adverse media screening during or before execution

Investigation and Escalation Process

If a transaction is flagged:

1. The Compliance Analyst reviews the transaction and related customer data.

2. If the alert cannot be reasonably explained:

   • It is escalated to the AML Compliance Officer (AMLCO).

3. The AMLCO determines:

   • Whether to request more information from the customer.

   • Whether to file a Suspicious Activity Report (SAR) with the BVI FIA.

   • Whether to freeze the transaction or terminate the customer relationship (if necessary).

Reporting Suspicious Activity

• SARs will be filed in accordance with the BVI Proceeds of Criminal Conduct Act (POCCA).

• SARs are confidential and must only be shared with relevant authorities and internal compliance staff.

• Tipping-off is strictly prohibited.

Recordkeeping

HELLO Holdings will retain:

• All alerts, investigations, actions taken, and SAR filings

• Transaction data and monitoring logs

• Records for at least 5 years in a secure, tamper-proof format

Training

• All relevant employees must receive transaction monitoring training at onboarding and annually.

• Training must cover:

  • Red flag indicators

  • Use of monitoring tools

  • Escalation procedures

  • Legal responsibilities, including SAR filing

Review and Updates

This policy will be reviewed:

• Annually

• Upon major regulatory changes or operational shifts

• After feedback from regulators or internal audit

Governance and Oversight

The AML Compliance Officer is responsible for:

• Policy implementation and oversight

• Ensuring transaction monitoring systems are effective

• Ensuring appropriate staffing, training, and escalation channels

Application

This policy applies to:

• All employees, contractors, officers, and directors

• Third parties including vendors, customers, and business partners

• All jurisdictions where HELLO Holdings operates

Definition of Fraud

Fraud is defined as any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. This includes but is not limited to:

• Misappropriation of assets

• Falsification of records or documents

• Identity theft or impersonation

• Insider trading

• Bribery and corruption

• False accounting or expense reporting

• Money laundering or aiding illicit transactions

Zero Tolerance Statement

HELLO Holdings maintains a zero tolerance approach to fraud. Any employee or third party found to be engaging in fraudulent activity will be subject to disciplinary action, which may include termination of employment, legal action, and reporting to authorities.

Roles and Responsibilities

5.1. All Employees

• Report suspected fraud immediately

• Cooperate with internal and external investigations

• Comply with all relevant controls and policies

5.2. Management

• Promote an ethical culture

• Implement fraud prevention controls in their areas of responsibility

5.3. Compliance / AML Officer

• Maintain and review this policy

• Investigate fraud reports and escalate to senior management or law enforcement

• File Suspicious Activity Reports (SARs) when required

Fraud Prevention Measures

HELLO Holdings shall implement the following to prevent fraud:

• Know Your Customer (KYC) and customer due diligence

• Background checks during hiring and onboarding

• Segregation of duties and access controls

• Transaction monitoring systems (for both fiat and crypto)

• Vendor due diligence and contract audits

• Whistleblower mechanism for anonymous reporting

Fraud Detection

Fraud may be detected through:

• Internal audits and reviews

• Red flag indicators in financial or behavioral activity

• Customer or staff complaints

• Automated monitoring alerts (e.g., suspicious transaction patterns)

• Anonymous whistleblowing reports

Reporting and Investigation Process

• Report: Any suspicion of fraud must be reported to the AMLCO or via the whistleblowing channel.

• Review: The AMLCO will perform an initial risk assessment.

• Investigation: If warranted, a formal investigation will be conducted discreetly.

• Outcome: Actions may include disciplinary sanctions, legal escalation, or SAR filing with the BVI Financial Investigation Agency.

• Confidentiality: All investigations will be kept confidential to the extent possible.

• Protection: Whistleblowers will be protected from retaliation.

Training and Awareness

All staff will be provided with training on:

• How to recognize fraud

• How to report suspicious activity

• The consequences of committing or ignoring fraud

Training is mandatory at onboarding and annually thereafter.

Recordkeeping

All reports, investigations, and actions taken will be documented and securely stored for at least 5 years in accordance with regulatory obligations.

Policy Review

This policy will be reviewed annually or upon:

• Material regulatory changes

• Fraud incident findings

• Audit or regulator recommendations