Anti-Money Laundering/Anti-Terrorism Financing (AML/CFT) Policies & Procedures

Anti-Money Laundering/Anti-Terrorism Financing (AML/CFT) Policies & Procedures

1. Introduction

1.1. As a company, Canis are committed to carrying on business in accordance with the highest ethical standards. This includes complying with all applicable laws and regulations aimed at combating money laundering and terrorist financing. This Policy has been developed by Canis to reduce the risk of money laundering and terrorist financing associated with Canis’s payment service and the use of Canis Payment Solution.

1.2. The management of Canis is committed to complying with all laws. Any employee who violates the rules in this Policy or who permits anyone to violate those rules may be subject to appropriate disciplinary action, up to and including dismissal, and may be subject to penalties or fines.

2. Policy Statement on AML

2.1. It is Canis's policy to comply with all applicable AML/CFT Laws in all Canis operations. To this end, Canis will only onboard customers with who are involved in legitimate business activity and whose funds are derived from legitimate sources.

2.2. This Policy is intended to help employees, contractors, and other third parties (if any) acting on the company’s behalf to understand where breaches of AML Laws might arise and to support them in making the right decisions in line with Canis’s position as stated in this Policy.

3. Board of Director Endorsement

3.1. Canis’s Board of Directors is fully committed in establishing an effective internal control system for AML/CFT. It is the responsibility, of the Board & Senior Management to ensure such internal controls are in place and implemented effectively.

4. Who is subject to this Policy?

4.1. This Policy applies to all Canis's operations, including all directors, officers, employees, contractors, and other third parties acting on behalf of Canis (if any).

5. What is the risk?

5.1. Violations of AML/CFT laws may lead to severe civil and/or criminal penalties against companies and individuals, including significant monetary fines, imprisonment, extradition, blacklisting, revocation of licences, and disqualification of directors.

5.2. In addition, violations of AML Laws can lead to damaging practical consequences, including harm to reputation and commercial relationships, restrictions in the way Canis can do business, and extensive time and cost in conducting internal investigations and/or defending against regulatory investigations and enforcement actions.

6. Definition of Money Laundering and Terrorist Financing

6.1. Money laundering is defined as the process of converting money/property (assets), which is derived from illegal activities to give it a legitimate appearance There are 3 stages in money laundering, namely:

• Placement - The physical disposal of proceeds derived from illegal activities.

• Layering – Separating the illicit proceeds from their sources through transactions that disguise the audit trail and provide anonymity.

• Integration – Integrating the laundered proceeds into the economy as normal funds

6.2. Assets can be illegally gained where it derives from any illegal conduct, whether the underlying criminal conduct has taken place in the country where are situated or overseas.

6.3. Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal the origin or intended use of the funds, which will later be used for criminal purposes

6.4. The following types of activities are “money laundering” and are prohibited:

• the conversion or transfer of assets, knowing or suspecting that such property is derived from illegal or unlawful activity

• conducting a financial transaction which involves illegal assets.

• the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, ownership or control of illegal assets.

• the acquisition, possession, or use of illegal assets.

• promoting the carrying on of unlawful activity; and

• participation in, association to commit, attempts to commit and aiding, abetting, facilitating, and counselling the commission of any of the actions mentioned above.

7. Customer Due Diligence (CDD) & Risk Profiling

7.1. Customer Due Diligence on new customer

7.1.1. It is our policy to carry out Due Diligence (DD) at the outset of any business relationship and obtain satisfactory evidence and properly establish in its records, the identity and legal existence of any person applying to do business with it. Such evidence must be substantiated by reliable and independent source documents.

7.1.2. The customer due diligence undertaken by Canis comprise the following:

• identify and verify the customer.

• identify and verify beneficial ownership and control.

• obtain information on the purpose and intended nature of the business relationship/transaction; and

• conduct on-going due diligence and scrutiny.

7.1.3. Unwillingness of the customer to provide the information requested and to cooperate with Canis’s customer due diligence process may itself be a factor of suspicion.

7.1.4. Canis will not commence business relation or perform any transaction, or in the case of existing business relation, it should terminate such business relation if the customer fails to comply with the customer due diligence requirements and consider as a Red Flag

7.1.5. Canis will conduct in addition to customer due diligence process, a risk assessment will conduct to determine whether current or new customers are Politically Exposed Persons (PEP). In establishing whether the customer is a PEP, will gather sufficient and appropriate information from the customer and through publicly available information.

7.1.6. PEPs are domestic or foreign individuals being, or who have been, entrusted with prominent public functions, such as heads of state or government, senior politicians, senior government officials, judicial or military officials and senior executives of public organisations.

7.1.7. It is our policy to carry out due diligence of any business relationship and obtain satisfactory evidence and properly establish in its records, the identity and legal existence of all customers.

7.2. Customer Due Diligence on high-risk customer

7.2.1. For higher risk customer, enhanced due diligence undertaken by Canis and comprise the following:

• Obtaining more detailed information from the customer and through publicly available information on the purpose of transaction and verify the source.

• Obtain approval from the senior management by conducting risk assessment before onboarding.

7.2.2. Example of high-risk customers are:

• Non-resident customers (owner, partners, or directors).

• From locations known for their high rates of crime (for example, drug producing, trafficking, smuggling).

• High risk countries or jurisdictions with inadequate AML/CFT laws and regulations such as the Non-Cooperative Countries and Territories (NCCT).

• PEPs.

• Legal arrangements that are complex (ie: trust, nominee).

• Non-targeted businesses or market.

• High brand risk; and

• Unregulated industries

7.3. List of high-risk country

Alphabetical Order	Countries
C	Cambodia
E	Ethiopia
G	Ghana
I	Iran	Iceland/td>
M	Mongolia	Myanmar
N	North Korea (DPRK)
P	Pakistan	Panama
S	Sri Lanka	Syria
T	The Bahamas	Tunisia	Trinidad and Tobago
Y	Yemen
Z	Zimbabwe

7.4. Ongoing due diligence on existing customer

7.4.1. Canis is taking the necessary measures to ensure that the records of existing customer are remained updated and relevant, this includes:

• Higher risk customer

• High brand risk

• Unregulated industries

• Customer with documentation standards change

• Customer with changes in nature of business and model

• Customer with complex legal arrangements.

• Customer with abnormal activities

7.4.2. Ongoing due diligence will be conducted annually.

7.5. Risk profiling

7.5.1. Canis is assessing and create profile of all customers, especially higher risk customer. Customer screening will be performed during this risk assessment to identify and onboarding suitable customers with Canis risk appetite.

7.5.2. After the initial acceptance, Canis will take reasonable step to ensure customer is in line with the profile, through monitoring each customer transaction activity pattern. Reassessing the customer risk’s profile in the event customer has unreasonable difference in transaction activity.

7.6. Record-keeping is an essential component of the audit trail required to assist in any investigation. Canis maintain records as evidence of the DD and ongoing monitoring undertaken.

8. Onboarding Requirement

8.1. Requirement

8.1.1. For company/business, Canis shall require the customer to furnish a copy of the following:

• Form 9, 24, 49 & M&A / Super form / SSM or SSM e-info reports

• Photocopy of IC / Passport/ Entry Visa of all Directors/ Shareholders (25% interest and authorized representative.

• Bank statement

• Other applicable license, approvals, letter of authorities for customer to carry out the business

8.1.2. For Clubs, Societies & Charities

• certificate of registration of club, society or charity, relevant constituent documents (or other similar documents)

• identification of the office bearer and authorization for any person to represent the club, society, or charity.

8.2. Credit Report Requirement (CRA)

8.2.1. Credit history is evaluated to determine the customer application as part of due diligence requirements. The requirements outlined below:

• Authorize and give consent to Canis for obtain credit information for business or company, including KYC report (CTOS) or CDDI report (Experian) for PEPs check purposes.

• Negative or “no records” in any AML/CFT, Home Ministry of Malaysia (KDN), Money Service Business Act (MSBA), or any UN /International sanctions list.

• Must disclose legal information for the past seven years for judgments, foreclosures, garnishments, and bankruptcies for eligibility

• Clear from any relevant trade references filed or listing.

8.3. Screening / Non-Qualifier

8.3.1. All customer required to provide supporting documents, unwillingness of customer to provide documents/information requested and to cooperate with Canis’s customer due diligence will be disqualified and Canis will not commerce any business relationship with them or in the case cease/terminate the existing business relationship.

8.3.2. Canis will consider lodging Suspicious Transaction Report (STR) with Financial Intelligent & Enforcement Department (FIED) in Bank Negara Malaysia (BNM).

8.3.3. Below are other screening / non-qualified factors including but not limited to:

• Business or Company (including its owner/partner/director /Shareholder) with unresolved legal case or being listed/monitored by CRA, card association, and/or sanctioned by legal authorities or international regulatory bodies.

• Nature of business being classified which the provision thereof is illegal.

• Bankrupted or being filed for bankruptcy as monitored by Malaysia’s Department of Insolvency (MDI).

• Suspect or being involved in money laundering or terrorist funding

• Financial instability

• Dubious reputation.

• Non-targeted market.

9. Suspicious Transaction or Red Flags

9.1. Where any suspicions arise that criminal conduct may have taken place involving a customer, colleague or third party, you should consider whether there is a risk that money laundering or terrorist financing has occurred or may occur.

9.2. Some examples of red flags to be reported include:

• A customer provides insufficient, false, or suspicious information or is reluctant to provide complete information.

• Methods or volumes of payment that are not consistent with the payment policy or that are not customarily used during business

• Receipts of multiple negotiable instruments to pay a single invoice

• Early payment that covers the whole course of a recurring payment, especially if payment is from an unrelated third party.

• Orders or purchases that are inconsistent with the customer’s trade or business.

• Payments to or from third parties that have no apparent or logical connection with the customer or transaction.

• Payment to or from countries considered high risk for money laundering or terrorist financing.

• A customer’s business formation documents are from a tax haven, or a country that poses a high risk for money laundering, terrorism or terrorist financing, or a country that is not logical for the customer.

• Overpayments followed by directions to refund a payment, especially if requested to send the payment to a third party.

• Any customers for whom Canis cannot determine the true beneficial owner

• Structuring transactions to avoid regulatory reporting or record keeping requirements.

• Unusually complex business structures, payment patterns that reflect no real business purpose.

• Transaction or activity that is not consistent with the business activities of the customer.

• Unexpected spikes in a customer transactions / activity.

• Any alert flagged by fraud engine used by Canis or Acquirer

The above is not intended to be an exhaustive list. Deviation from customer and accepted business practice should alert you to further investigate the activity in accordance with this Policy.

10. Customer Assessment

10.1. Control and Fraud prevention

10.2. AVS & 3DS

• All 3DS card transactions will be passed and process through an address verification system (AVS)

10.3. Device ID

• Device ID & GPS location of transaction is captured as added feature security feature for fraud management.

10.4. Attempt & Dropout

• Detection of excessive attempt. Customer may face the risk of temporary account suspension or permanent deactivation.

10.5. Customer Assessment & Monitoring

10.6. Customer Assessment

• All customers shall be assessing by using the Customer Risk Profile form.

• Outlined below are for reference purpose where potential or existing customer

High risk customers will include:
i.	Foreign directors / director with dubious reputation
ii.	High net worth / profit without track record of more than 5 years;
iii.	Companies having close family shareholding or beneficial owner;
iv.	Politically exposed persons (PEPs) especially countries with inadequate AML laws / regulations
v.	High rates of crime location; unregulated industries
vi.	Complex legal arrangements, suspicious business model
vii.	Monitoring: every 3 months (Quarterly)
Medium risk customers will include:
i.	Unstructured payment receiving pattern; future-contract;
ii.	Non-informed authorized contact person
iii.	Unsound business model or profit not trackable
iv.	No financial record for an unreasonable period;
v.	High net worth / profit with track record of more than 3 years;
vi.	Advance payment / future contract
vii.	Monitoring: every semiannually (half year)
Low Risk customers will include:
i.	Single payment receiving pattern;
ii.	Customer belonging to lower economic strata whose accounts show small balances and low turnover;
iii.	Instant delivery of product
iv.	Well-defined terms of use and policies
v.	Monitoring: Every year (annually)

10.7. Customer Monitoring

Assessment & Monitoring	High Risk	Medium Risk	Low Risk
System alert for transactions and activities.	X	X	X
Assessment on an approved schedule that involves management sign-off.	X	X	X
Monthly assessment of Daily Transaction Limits (DTL) or parameters on accounts against transactions	X	X	X
Alert from Credit Report Agencies.	X	X	X
Reviewing transactions based on an approved schedule that involves management sign-off.	X	X
Keep client identification, UBO, MCC / nature of business and other records up to date.	X	X
Random based on an approved schedule that involves management sign-off.	X	X
Semi Annual re-assessment.	X	X
Reviewing transactions more frequently against suspicious transaction indicators relevant to business relationships.	X

11. Employee Responsibility

11.1. All have the obligation to read and follow this Policy, to understand and identify any red flags that may arise in their business activities and to escalate potential compliance concerns related to AML to the Compliance Department without notifying anyone involved in the transaction and should not take any actions prior to receiving advice and/or instructions.

11.2. Upon receiving any red flags for suspicious transactions, the Compliance Department will evaluate the grounds for suspicion and if suspicion confirmed, will promptly submits the Suspicious Transaction Report (STR) to the Finance Intelligence Unit in Bank Negara Malaysia.

11.3. To ensure AML/CFT compliance, Canis’s the Compliance Officer (CO) shall be appointed by the Board who at the senior management level, to carry out his/her duties and responsibilities, and effectively discharge it. The CO will ensure that:

• Canis’s compliance to the AML/CFT requirements

• Implementation of the AML/CFT policies and procedures, including customer acceptance, CDD, record keeping, ongoing monitoring and report of STR.

• Regularly assess the AML/CFT policies that is effective and sufficient to address the AML/CFT trends

• Securing and kept confidential of communication related to AML/CFT

• Maintains a complete file on internal generated STR and its supporting documents, and ensure all STR are appropriately evaluated before submission to Bank Negara Malaysia

• Ensure high level of employee awareness towards Canis’s AML/CFT measures, including this policy and the channel of reporting.

• Conduct training for employees according to the level of responsibilities, by the following:

i. New employees

ii. “Frontline” employees and who establishing business relationship

iii. Supervisors, managers, and senior managers

11.4. To always ensure Canis’s staff integrity, employee recruitment process included an assessment, to review and evaluate on all employee ‘s personal information that includes criminal records, employment and other financial history.

12. Record Keeping and Audit

12.1. Canis will keep all DD documents and records of transactions and those obtained during DD for at least six (6) years after the business relations with customer have ended.

12.2. Canis will the retained all documents and records are able to create an audit trail on individual transactions that are traceable by Bank Negara Malaysia, the relevant supervisory and law enforcement agencies.

12.3. The records kept must enable Canis to establish the history, circumstances, and reconstruction of each transaction. The records shall include:

• the identity of the customer.

• the identity of the beneficiary (owner, partner, director etc).

• the type of payment instrument (debit cards, credit cards etc).

• the form/form of transaction (card present, e-commerce)

• the instruction and the origin and destination of the transactions.

• the transaction amount and type of currency.

• the transaction time and date.

12.4. The Compliance Department will maintain a regular internal audit to ensure the effectiveness by checking and testing the compliance with, and its effectiveness with this AML/CFT policy, and the implemented procedure and control are in line with latest development and changes of AML/CFT requirements and trends.

12.5. The Compliance Department shall be independent, keep clear records on all findings, fully documented and complete. Written reports on the audit shall be submitted to Canis’s board of directors, to highlight any inadequacies in the internal AML/CFT measures and controls.

12.6. Canis’s board of directors will ensure that the necessary steps are taken to rectify the inadequacies, if any.

13. Updates, Review and Ownership

13.1. This Policy may be updated from time, and the updated version of the Policy will be immediately made available on the Canis’s employee.

13.2. All updates, release of updates, and date of release shall be approved and endorsed by Canis’s board of directors.

13.3. Review of this policy shall at least once a year.

14. Non-compliance

14.1. Any Canis’s employees, who violates this AML/CFT Policy may be subject to appropriate disciplinary action, independently from potential other penalties resulting from their behaviour.

14.2. Any non-compliance is subject to, with the provision under the Anti-Money Laundering Act (AMLA).

15. Change Log

Change Log:

Version & Date	Description of Changes / Actions	Updated by	Approved by (Directors)
V1.1(20221228)	1. Initial release 2. To be finalized and approved by Board of Directors	1. Ethan	1. S Baskar