AML/KYC Policy and Procedures

Policy Statement

PayOak, a subsidiary of StoneBridge Technologies Limited, is committed to maintaining the highest standards of compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. As a trusted escrow service provider, we prioritise the safety and integrity of all transactions conducted on our platform. Our AML/KYC policy is designed to prevent the misuse of our services for illicit activities, including money laundering, terrorism financing, fraud, and other financial crimes. We adhere to all relevant local and international regulations, including guidelines set forth by the Financial Action Task Force (FATF) and applicable Nigerian laws, to ensure transparency and compliance in all our business dealings. To meet these obligations, Payoak.net has implemented stringent KYC processes for verifying the identity of our users and conducts ongoing monitoring of transactions. This ensures that we only engage with legitimate individuals and businesses, safeguarding our platform and the broader financial ecosystem. Through these measures, Payoak.net strives to foster a secure environment for our Payoak.net users while fully supporting global efforts to combat financial crime.

Money laundering is converting money or other monetary instruments gained from illegal activity (fraud, corruption, terrorism, etc.) into money or investments that appear to be legitimate so that their illegal source cannot be traced. In the event of circumstances in which PayOak's client, agent, or employee has attempted money laundering, PayOak will take all necessary measures to prevent the above circumstances and their possible consequences in compliance with domestic and international law.

1. PayOak's Anti-money Laundering Procedures

Money laundering is the process of converting money or other assets obtained from illegal activities, such as fraud, corruption, or terrorism, into legitimate assets to obscure their illegal origin. If a client, agent, or employee of PayOak.net is suspected of involvement in money laundering, PayOak.net will take all necessary actions to prevent these activities and  mitigate  any  consequences,  ensuring  compliance  with  both  Nigerian  and international law. PayOak.net adheres strictly to the anti-money laundering and counter- terrorism financing (AML/KYC) regulations, as outlined in the Nigerian Money Laundering (Prohibition) Act of 2011 (as amended) and the Central Bank of Nigeria (CBN) guidelines. These laws mandate that financial institutions collect, verify, and securely store customers’ identification data. To comply, PayOak.net employs an advanced electronic system to verify client identities, record transactions, and monitor activities in line with these regulations, ensuring all suspicious transactions are reported to the Nigerian Financial Intelligence Unit (NFIU).

2. Client Identification

For compliance with Nigeria’s Anti-Money Laundering (Prohibition) Act, 2011 (as amended) and the Central Bank of Nigeria (CBN) KYC requirements, PayOak.net implements a comprehensive client identification process. This process ensures that all customers are thoroughly vetted before using the platform for any transactions, adhering to both national and international standards.

To verify a customer’s identity, PayOak.net requires two distinct documents:

1. Government-Issued Photo Identification: The first document must be a government- issued form of identification that includes the customer’s photograph. Accepted documents include:

• A Nigerian passport or another country’s passport,

• A driver’s license (for countries where the driver’s license serves as a primary identification document),

• A National Identity Card or a local government ID.

• Note that company access cards or non-governmental ID cards are not acceptable under Nigerian AML regulations.

2. Proof of Address: The second document must confirm the client’s physical address and bear the client’s name. It must be issued no later than three months prior. Acceptable documents include:

• A utility bill,

• A bank statement,

• An affidavit confirming the address,

• Documents issued by internationally recognised organisations or Nigerian regulatory bodies showing the client’s name and address.

3. Additional Identification for Card Deposits: To deposit funds using a bank card, customers must submit full-colour copies of both sides of the card within 48 hours. The front of the card must clearly display:

• The first six and last four digits of the card number,

• The cardholder’s name,

• The expiry date.

The reverse side must be signed, and the CVV/CVC code should be concealed to ensure compliance with VISA and Mastercard rules. If the card does not display the holder’s name (as in the case of virtual cards), customers are required to submit a screenshot from their online banking profile or a bank statement showing the card number and the cardholder’s name.

4. In cases where a customer requests a phone number change associated with their PayOak.net account, they are required to provide:

• A document proving ownership of the new phone number, such as an agreement with a mobile service provider,

• A photograph showing the customer holding their ID next to their face for identity confirmation.

3. Bank Deposits

To make deposits using a bank card, PayOak users are required to submit full-size colour copies of the front and back sides of their bank cards within two days. Should a client refuse to provide such copies in time, his/her trading account will be blocked, and money will go back on the card. The front side of the bank card must feature the first six and last four digits of the card number, as well as the holder's name and the expiry date. The back of the card must be signed. The CVC/CVV code must be covered. According to VISA and Mastercard rules, the holder's signature must be in the signature field on the back of the card. If a card doesn't have the holder's name or a virtual card is used, Payoak.net users are required to provide a screenshot of their profile with a bank or a bank statement that shows the card number and the holder's name.

To change the phone number related to the Client Profile, PayOak users are required to provide a document confirming ownership of a new phone number (agreement with a mobile phone service provider) and a photo of the ID held beside the Client’s face. The Client’s personal data shall be the same in both documents.

PayOak users must submit up-to-date identification information and immediately inform PayOak of any changes in their identification information.

All documents must be in English or translated into English by an official translator; the translation must be stamped and signed by the translator and sent together with the original document clearly showing the client’s photo.

4. Tracking and Documentation

PayOak ensures thorough monitoring and documentation of suspicious activities and transactions, complying with Nigerian anti-money laundering laws and regulations. As part of its compliance with the Money Laundering (Prohibition) Act, 2011 (as amended), PayOak tracks all transactional activity that raises red flags under its established guidelines. Any irregularities in transaction patterns, client behaviour, or activities that suggest attempts at money laundering or terrorism financing are closely scrutinised.

Section 10 of the Money Laundering (Prohibition) Act, financial institutions are mandated to report suspicious transactions to the Nigerian Financial Intelligence Unit (NFIU) without delay. PayOak follows this requirement by submitting a Suspicious Transaction Report (STR) when activities such as unusual transfers, structured payments, or unexpected changes in account behaviour are detected. This helps prevent money laundering and protect the financial system from being used for illicit purposes.

PayOak also ensures compliance with the Central Bank of Nigeria’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) regulations, which set out the responsibilities of financial institutions to record and monitor client activities. PayOak's system documents all client transactions in real-time, ensuring that records are securely stored and accessible for audit and investigation purposes. Such documentation is critical, as it helps detect patterns or anomalies over time, which may indicate potential money laundering schemes.

In compliance with international frameworks like the Financial Action Task Force (FATF) recommendations, PayOak protects the confidentiality of individuals and institutions that report suspicious activities. The Nigerian legal framework also provides protection for those reporting such activities under Section 6 of the Money Laundering (Prohibition) Act, ensuring that whistleblowers are not exposed to harm or retaliation.

5. No Cash Settlements

PayOak is committed to adhering to the Nigerian Anti-Money Laundering (AML) laws and the global standards on combating terrorism financing (CFT). To minimise the risk of money laundering and terrorist financing, PayOak strictly prohibits the acceptance of cash for any form of payment, including deposits, withdrawals, or any other transactions. All payments must be made through verifiable and traceable electronic channels.

Under the Money Laundering (Prohibition) Act, 2011 (as amended), cash transactions over a certain threshold are heavily scrutinised in Nigeria due to their high potential for facilitating illegal activities. Section 1 of the Act restricts the amount of cash transactions individuals and corporations can engage in and requires reporting of transactions exceeding the set limits to the Nigerian Financial Intelligence Unit (NFIU). By outright prohibiting cash settlements, PayOak not only reduces the burden of compliance but also minimises the exposure to risks associated with cash-based financial crimes, including money laundering, tax evasion, and financing terrorism.

The Central Bank of Nigeria (CBN), through its AML/CFT regulations, mandates that financial institutions avoid high-risk transactions, which include cash transactions that are difficult to trace. By prohibiting cash deposits or withdrawals, PayOak aligns itself with the CBN’s Cashless Policy, which aims to encourage electronic transactions, improve transparency, and reduce the risks associated with cash handling.

This prohibition is part of PayOak’s broader effort to ensure transparency in all transactions and comply with the Financial Action Task Force (FATF) recommendations. The FATF emphasizes that financial institutions must implement risk-based measures to prevent the misuse of financial systems for money laundering or terrorist financing.

PayOak ensures that all client funds are processed through traceable, verifiable, and auditable financial channels, allowing for proper monitoring and reporting in case of suspicious activity. This reinforces PayOak’s commitment to global standards on AML/CFT and the protection of the financial system from abuse.

6. No Cash Transactions

PayOak will not accept any form of cash deposits, withdrawals, or other cash-based transactions from clients, agents, or third parties under any circumstances. All transactions must be conducted through electronic payment channels, such as bank transfers, credit/debit cards, or other approved digital payment methods that can be tracked and verified.

7. Transaction Monitoring

Any attempt to engage in cash-based transactions will be flagged as suspicious and may trigger enhanced due diligence procedures, including a review by the compliance team. Such activities may be reported to the Nigerian Financial Intelligence Unit (NFIU) as required by law.

8. Customer Communication

PayOak users will be informed of the no-cash settlement policy during the onboarding process and in all subsequent interactions. This policy will also be publicly available on the PayOak website and communicated through other appropriate channels.

9. Compliance with International Standards

In addition to complying with Nigerian laws, this policy follows international guidelines, such as those set forth by the Financial Action Task Force (FATF). FATF recommends that financial institutions minimise the use of cash due to the anonymity and lack of traceability that cash transactions can provide, thus creating a higher risk for money laundering and terrorist financing.

10. Reporting and Enforcement

Any breaches of this policy will be investigated in accordance with PayOak’s compliance and risk management framework. Disciplinary actions, including account suspension or closure, may be taken against PayOak users who attempt to violate this policy.

Suspicious activity involving cash transactions, or efforts to bypass the no-cash policy, will be reported to the NFIU in compliance with Nigerian AML regulations and international best practices.

11. PEP Declaration

As part of PayOak’s commitment to preventing money laundering and terrorist financing, all users are required to declare their status as a Politically Exposed Person (PEP) during the account verification process. Users must disclose their PEP status by ticking the appropriate field in the Verification section of their Client Profile. Along with this declaration, PEPs are required to provide copies of supporting documents that confirm their status and clearly indicate the origin of any funds used for deposits on PayOak.

A PEP is defined as a natural person who is or has been entrusted with prominent public functions. The following categories of individuals are considered to be PEPs:

1. Heads of State, heads of government, ministers, deputy or assistant ministers.

2. Members of parliament or similar legislative bodies.

3. Members of the governing bodies of political parties.

4. Members of supreme courts, constitutional courts, or other high-level judicial bodies whose decisions are not subject to further appeal.

5. Members of courts of auditors or boards of central banks.

6. Ambassadors, chargés d’affaires, and high-ranking officers in the armed forces.

7. Members of the administrative, management, or supervisory bodies of state- owned enterprises.

8. Directors, deputy directors, and members of boards or equivalent functions.

9. Mayors.

This definition does not include middle-ranking or more junior officials. PEPs also include family members and close associates:

1. Family members:

   • Spouse or equivalent.

   • Children and their spouses or persons considered equivalent.

   • Parents of the PEP.

2. Close associates:

   • Individuals with joint beneficial ownership of legal entities or arrangements with the PEP.

   • Individuals with sole beneficial ownership of legal entities set up for the de facto benefit of a PEP.

12. PEP Monitoring and Documentation

PayOak is legally required to verify and monitor PEPs to ensure the transparency of the origin of funds. Should a PEP fail to provide adequate documentation that clarifies the source of their deposited funds, Payoak.net is obliged to refuse services and return the funds.

The company conducts periodic reviews of all declared PEP statuses. The status of any confirmed PEP is re-assessed annually, requiring the client to update any relevant information. This ensures the ongoing accuracy and compliance of PEP-related data and allows Payoak.net to maintain a robust monitoring system in line with the requirements of the Money Laundering (Prohibition) Act, 2011 (as amended) and relevant guidelines from the Central Bank of Nigeria (CBN) and the Nigerian Financial Intelligence Unit (NFIU).

13. Suspicious Activity Reporting

PayOak reserves the right to maintain a rigorous approach to monitoring and identifying suspicious activities to prevent money laundering, terrorist financing, and other financial crimes. As part of this commitment, Payoak.net employs continuous oversight of client transactions and profiles, with special attention given to Politically Exposed Persons (PEPs) and any unusual activity that deviates from typical financial behaviour.

Any suspicious transaction or change in the financial activity of a PEP, or any other client, will prompt an in-depth review by PayOak’s compliance team. This review may be initiated by patterns or activities that suggest money laundering, including but not limited to:

1. Large, unusual, or unexplainable transactions that do not align with the client’s declared purpose of their account or expected transaction activity.

2. Multiple small deposits or withdrawals that appear structured to evade reporting thresholds.

3. Transfers to or from high-risk jurisdictions with minimal explanation.

4. The sudden involvement of third parties in account activities without clear justification.

Upon detection of suspicious activities, PayOak will conduct an enhanced due diligence process. This involves further verifying the client’s identity, assessing the legitimacy of the activity, and determining whether the origin of funds is clear and legitimate.

If the compliance team concludes that the activity is indeed suspicious and potentially linked to money laundering or terrorist financing, PayOak is legally obligated to report these activities to the Nigerian Financial Intelligence Unit (NFIU) through a Suspicious Transaction Report (STR). This reporting process includes:

1. Submitting a detailed report of the suspicious activity to the NFIU without notifying the customer of the report (to avoid tipping off the client, as mandated by Nigerian law).

2. Cooperating fully with the NFIU or other relevant law enforcement agencies by providing additional documents, transaction records, and communication logs as needed.

3. Freezing or restricting account activity where necessary, pending further investigation or instructions from the NFIU.

14. Confidentiality & Legal Protections

All employees and officers of PayOak involved in the monitoring and reporting process will maintain the confidentiality of any SAR or STR submissions. Nigerian law also provides legal protection for individuals and institutions that file such reports in good faith, safeguarding them from liability related to the reporting of suspicious activities. This ensures that PayOak can fulfil its AML obligations without fear of retaliation, while also contributing to the broader effort to combat financial crimes within and beyond Nigeria. PayOak declares that it is committed to adhering to these standards to ensure compliance with domestic and international anti-money laundering frameworks, thus playing its part in maintaining the integrity of the financial system.

15. Refusal to Process Suspicious Transaction

PayOak reserves the right to refuse a transaction at any stage if, in PayOak's opinion, the transaction may be related to money laundering or criminal activity. PayOak is not obligated under international law to inform the client that their activities have been reported as suspicious to the appropriate authorities.

16. System Updates

PayOak is dedicated to maintaining the integrity and security of its operations through continuous updates to its electronic systems used for verifying transactions and client identification data. These updates are essential for ensuring compliance with current legislation, including the Nigerian Anti-Money Laundering (AML) laws and Know Your Customer  (KYC)  regulations.  To  achieve  this,  PayOak  employs  advanced technological solutions that incorporate the latest compliance requirements and best practices. Regular system updates are critical for several reasons:

1. Regulatory Compliance: As financial regulations evolve, PayOak ensures that its systems align with new requirements set forth by regulatory bodies, such as the Nigerian Financial Intelligence Unit (NFIU) and the Central Bank of Nigeria (CBN). This includes adapting to changes in the Money Laundering (Prohibition) Act and other relevant legislation. By staying current with regulatory changes, Payoak.net mitigates the risk of non-compliance and the associated penalties.

2. Enhanced Security Features: The regular updates to PayOak’s electronic systems are designed to enhance the security features that protect client data and financial transactions.  This  includes  implementing  robust  encryption  protocols,  secure authentication  measures,  and  continuous  monitoring  for  potential  vulnerabilities. According to cybersecurity best practices, regularly updating systems is crucial for protecting against data breaches and cyber threats.

3. Improved Transaction Monitoring: By refining the algorithms and criteria used for transaction monitoring, PayOak can more effectively identify suspicious activities. Enhanced monitoring capabilities allow for real-time analysis of transactions, enabling quicker responses to potentially illicit activities and ensuring that proper reporting procedures are followed when necessary.

4. User-Friendly Interface: System updates often include improvements to the user interface, making it easier for PayOak users to navigate the platform and complete their identification processes. A user-friendly experience is vital for compliance, as it encourages Payoak.net users to provide accurate and complete documentation.

5. Training and Awareness: PayOak’s compliance team is trained on system updates and new compliance features, ensuring they are equipped to utilise the system effectively. Regular training sessions keep staff informed about changes in the regulatory landscape and how to leverage the updated system for enhanced compliance.

17. Data Storage Policy

PayOak is committed to maintaining the privacy and security of client data. Upon the closure of access to a client’s profile, including trading accounts on the website or mobile application, as well as trading platforms, specific data will be retained for a period of five years. This retention period complies with the regulatory requirements set forth in Nigeria’s Anti-Money Laundering (AML) laws and other applicable legal frameworks.

For Individual Clients

1. Personal Information:

   • Full Name

   • Email Address

   • User ID

   • Confirmed Residential Address

   • Phone Number

2. Financial Information:

   • Payment Details

   • Trading History

   • Correspondence with the Company

3. Photo and Video:

   • Copies and/or Photos of Supporting Documents

For Legal Entity Clients

1. Registration Information:

   • Company Name

   • Full Company Corporate Details

   • User ID

   • Phone Number

   • Email Address

2. Financial Information:

   • Payment Details

   • Trading History

   • Correspondence with the Company

3. Photo and Video:

   • Copies and/or Photos of the Company’s Supporting Corporate Documents

   • Copies and/or Photos of Supporting Documents of the Individual Representing the Company

This data retention policy ensures compliance with Nigerian regulations, including the Money Laundering (Prohibition) Act, which mandates record-keeping for specific transactions and customer identification data to facilitate monitoring and reporting of suspicious activities. PayOak’s adherence to these guidelines underscores its commitment to preventing money laundering and ensuring the integrity of its operations.

Data will be securely stored in accordance with industry standards, with access limited to authorised personnel only. After the five-year retention period, all data will be securely disposed of to protect client privacy. For more information on data protection laws in Nigeria, you can refer to the Nigerian Data Protection Regulation (NDPR).

The extensive identification process outlined for PayOak.net aligns with Nigerian Anti- Money Laundering (AML) laws and KYC requirements. It effectively addresses the regulatory need for financial institutions to verify clients’ identities and maintain accurate records, which is critical for combating money laundering and terrorism financing. This process includes requirements for government-issued identification, proof of address, and additional measures for card deposits and phone number changes. By ensuring that Payoak.net users submit valid identification documents and by implementing stringent verification procedures, PayOak.net demonstrates its commitment to complying with the Nigerian Money Laundering (Prohibition) Act and the guidelines set forth by the Central Bank of Nigeria.

For further information on Nigerian AML laws and KYC requirements, you can refer to the following resources:

• Nigerian Money Laundering (Prohibition)

• Act Central Bank of Nigeria KYC Guidelines

Effective Date: 02/12/2024