AML/KYC Compliance Policy

InsitePro is committed to maintaining the highest standards of regulatory compliance across all our products and services. As a technology company facilitating financial transactions through Natepay, we recognize our responsibility to prevent financial crimes and protect our users.

This policy outlines our Anti-Money Laundering (AML), Know Your Customer (KYC), and Counter-Terrorism Financing (CTF) procedures. We comply with:

- Central Bank of Nigeria (CBN) regulations - Nigeria Financial Intelligence Unit (NFIU) requirements - Financial Action Task Force (FATF) recommendations - Relevant Nigerian laws including the Money Laundering (Prohibition) Act

**Individual Users**

Before accessing payment features on Natepay, individual users must provide:

**Tier 1 (Basic Verification):** - Full legal name - Phone number (verified via OTP) - Email address - Date of birth

**Tier 2 (Standard Verification):** - Government-issued ID (National ID, Driver's License, International Passport, or Voter's Card) - Proof of address (utility bill, bank statement dated within 3 months) - Selfie verification for identity confirmation

**Tier 3 (Enhanced Verification):** - Bank Verification Number (BVN) - Additional source of funds documentation - Enhanced due diligence questionnaire

**Business Users**

Business accounts on our platform must provide: - Certificate of Incorporation (CAC documents) - Memorandum and Articles of Association - List of directors and shareholders with ownership above 10% - Valid ID of all directors and significant shareholders - Proof of business address - Tax Identification Number (TIN) - Board resolution authorizing account opening

**How We Verify Your Identity**

Our verification process is designed to be thorough yet user-friendly:

**Step 1: Document Submission** - Upload clear, legible copies of required documents - Ensure all information matches across documents - Documents must be valid and not expired

**Step 2: Automated Checks** - Document authenticity verification - Cross-reference with government databases where applicable - Facial recognition matching (selfie vs. ID photo)

**Step 3: Manual Review** - Our compliance team reviews flagged submissions - Additional information may be requested - Complex cases are escalated to senior compliance officers

**Verification Timeline:** - Tier 1: Instant to 24 hours - Tier 2: 1-3 business days - Tier 3: 3-5 business days - Business accounts: 5-7 business days

**Rejected Applications** - You will be notified of rejection reasons - You may resubmit with corrected documentation - Appeals can be made to compliance@insitepro.co

**Continuous Monitoring**

We employ sophisticated systems to monitor transactions for suspicious activity:

**Automated Monitoring:** - Real-time transaction screening - Pattern recognition for unusual behavior - Velocity checks (transaction frequency and amounts) - Geographic risk assessment - Cross-reference against sanctions lists

**Risk Indicators We Monitor:** - Transactions inconsistent with user profile - Rapid movement of funds (structuring) - Transactions with high-risk jurisdictions - Multiple accounts with similar patterns - Unusually large transactions for account type - Frequent transactions just below reporting thresholds

**Transaction Limits:**

Limits are based on verification tier: - Tier 1: Daily limit of ₦50,000 | Monthly limit of ₦200,000 - Tier 2: Daily limit of ₦500,000 | Monthly limit of ₦3,000,000 - Tier 3: Daily limit of ₦5,000,000 | Monthly limit of ₦30,000,000 - Business: Custom limits based on business profile

**Our Reporting Obligations**

InsitePro is required to report suspicious activities to the Nigeria Financial Intelligence Unit (NFIU). We take this obligation seriously.

**What Triggers a Report:** - Transactions that appear to involve proceeds of crime - Attempts to circumvent identification requirements - Transactions inconsistent with known legitimate business - Suspected terrorism financing - Unusual transaction patterns without legitimate explanation

**Our Process:** 1. Suspicious activity is flagged by our monitoring systems 2. Compliance team reviews and investigates 3. If warranted, Suspicious Transaction Report (STR) is filed with NFIU 4. Records are maintained for regulatory requirements 5. User accounts may be restricted pending investigation

**Important:** - We are prohibited from informing users if an STR has been filed (tipping off) - Filing an STR does not necessarily mean illegal activity occurred - We cooperate fully with law enforcement investigations

**Activities Not Permitted on Our Platform**

The following activities are strictly prohibited:

**Financial Crimes:** - Money laundering or attempting to disguise illegally obtained funds - Terrorist financing or support for terrorist organizations - Fraud, including identity theft and payment fraud - Tax evasion or facilitating tax evasion - Sanctions violations

**Platform Misuse:** - Creating multiple accounts to circumvent limits - Providing false or misleading information - Using another person's identity or account - Operating unlicensed money transmission services - Facilitating illegal gambling

**Illegal Transactions:** - Drug trafficking proceeds - Human trafficking - Arms trafficking - Cybercrime proceeds - Bribery and corruption

**Consequences:** - Immediate account suspension - Permanent ban from our services - Reporting to relevant authorities - Pursuit of legal action where appropriate

**How We Protect Your Information**

We understand that KYC requires collecting sensitive personal information. Here's how we protect it:

**Security Measures:** - End-to-end encryption for data transmission - Encrypted storage for documents and personal data - Access controls limiting who can view sensitive information - Regular security audits and penetration testing - Secure data centers with physical access controls

**Data Handling:** - KYC documents are stored securely and accessed only when necessary - Biometric data (selfies) are used solely for verification - We do not sell or share your data for marketing purposes - Data is retained as required by law (minimum 5 years after account closure)

**Your Rights:** - Request access to your personal data - Request correction of inaccurate data - Request deletion (subject to legal retention requirements) - Withdraw consent for non-essential processing

See our Privacy Policy for complete details on data handling.

**International Sanctions Screening**

InsitePro screens all users and transactions against global sanctions lists:

**Lists We Screen Against:** - United Nations Security Council Consolidated List - US Office of Foreign Assets Control (OFAC) SDN List - UK HM Treasury Sanctions List - EU Consolidated Sanctions List - NFIU/CBN local watchlists

**Screening Process:** - Initial screening during onboarding - Ongoing screening as sanctions lists are updated - Transaction-level screening for high-risk payments - Periodic re-screening of existing users

**Potential Matches:** - Potential matches are reviewed by our compliance team - False positives are documented and cleared - Confirmed matches result in account restrictions - Required reports are filed with relevant authorities

**Geographic Restrictions:** We do not process transactions to or from certain high-risk jurisdictions as determined by FATF, CBN guidance, and our internal risk assessment.

**Dedicated Compliance Function**

InsitePro maintains a dedicated compliance function responsible for:

**Compliance Officer Responsibilities:** - Oversight of AML/KYC program implementation - Regular risk assessments - Policy updates and staff training - Regulatory liaison and reporting - Investigation of potential violations

**Training:** - All staff receive AML/KYC awareness training - Compliance team receives specialized ongoing training - Training is updated when regulations change - Records of training are maintained

**Independent Review:** - Annual independent audit of AML program - Regular testing of controls and procedures - Findings reported to senior management - Remediation of identified gaps

**Governance:** - Compliance reports to senior management - Regular board-level compliance updates - Clear escalation procedures for serious issues

**As a User, You Agree To:**

**Provide Accurate Information:** - Submit truthful and accurate KYC documentation - Update your information if it changes - Not use false identities or documentation

**Use Services Legitimately:** - Only use our services for lawful purposes - Not attempt to circumvent our controls - Not facilitate transactions for third parties to avoid limits

**Report Suspicious Activity:** - Report any suspicious activity you observe - Notify us if your account is compromised - Alert us to potential fraud or misuse

**Cooperate with Verification:** - Respond promptly to requests for additional information - Allow reasonable time for verification processes - Understand that limits exist for everyone's protection

**Contact for Concerns:** If you suspect fraudulent activity on your account or observe suspicious behavior on our platform, contact us immediately: - Email: compliance@insitepro.co - Subject line: "Suspicious Activity Report"

**Compliance Inquiries**

For questions about our compliance policies or to report concerns:

**Compliance Team:** Email: compliance@insitepro.co

**General Support:** Email: nathan@insitepro.co

**Product-Specific:** - Natepay: support@natepay.co - GetCaboo: support@getcaboo.com

**Business Address:** InsitePro Technologies Lagos, Nigeria

**Regulatory Contacts:** For concerns about our compliance, you may also contact: - Nigeria Financial Intelligence Unit (NFIU) - Central Bank of Nigeria (CBN)

We are committed to maintaining the trust of our users and regulatory bodies. This policy is reviewed and updated regularly to ensure continued compliance with evolving regulations.