Anti-Money Laundering & Anti-Terrorist Financing Policy

Anti-Money Laundering & Anti-Terrorist Financing Policy

Change History

Table of Contents

1. Introduction 2

2. Scope 3

3. Purpose 3

4. Objective 3

5. Responsibilities 3

6. AML Policy 5

6.1 Definition of Money Laundering. 5

6.2 Definition of Terrorism Financing 6

6.3 Key Principles 6

6.4 AML Controls and Systems 7

7.0 AML/ATF Risk Assessment 7

8.0 Customer Acceptance Program 10

8.1 Customer Due Diligence (CDD) 11

8.2 Standard Due Diligence 12

8.3 Enhanced Due Diligence 12

8.4 Minimum requirements 13

8.5 Embargoes and Sanction Screening 16

9.0 Suspicious Activity Reporting 16

10.0 Outsourcing 17

10.1 Reliance on third parties 18

11.0 Training 18

12.0 Know Your Employee (KYE) 19

13.0 Independent Audit review. 19

14.0 Record Keeping 19

15.0 Communication 20

16.0 Branches and Subsidiaries 21

17.0 Policy Amendments 21

18.0 Bermuda’s Legislative Framework 21

1. Introduction

Ensuro is committed to conducting business in accordance with the highest ethical standards. It undertakes to counter money laundering and terrorist financing and comply with all relevant sanctions and financial crime regulations. Ensuro clearly understands its responsibility to protect its customers and stakeholders, and will enforce the provisions set forth in the Anti-Money Laundering and Anti-Terrorist Financing policy in order to prevent and detect money laundering, terrorist financing and other illegal activities.

Ensuro will comply with all applicable international financial crime and Sanctions laws and regulations and will adopt a zero-tolerance approach to any regulatory breaches and to any circumvention of its financial crime policy and controls.

Ensuro will adopt all reasonable measures to avoid facilitating money laundering and terrorist financing and has established this risk-based policy which will be subject to review periodically.

2. Scope

This policy applies to the Ensuro group legal entities, Ensuro employees acting in any capacity, Directors, Officers and Authorised Representatives. It applies to all countries, branches and jurisdictions in which Ensuro operates and those countries and jurisdictions where it has an active license.

3. Purpose

This policy establishes the minimum expectations of Ensuro’s risk management framework to prevent financial crime. It sets out the principles Ensuro will adopt to comply with anti money laundering legislation and sanctions and to identify, mitigate and manage the risks in its operating environments. It also ensures these principles are well documented, communicated and followed in all Ensuro’s activities.

4. Objective

Ensuro is developing a global AML program to implement a single global standard for compliance with international anti-money laundering standards. The objective of Ensuro’s AML program is to ensure that money laundering risks identified by Ensuro are appropriately mitigated. This will be achieved by establishing Board-approved, minimum governing policies, principles and standards and implementing appropriate controls to protect Ensuro, its employees, its shareholders and its customers from money laundering.

The AML program provides guidance to all Ensuro employees and requires them to conduct business in accordance with all applicable AML laws, rules and regulations. It is based on various laws, regulations and regulatory guidance from Bermuda, Singapore, the EU, the United States of America and, as applicable, local jurisdictions in which Ensuro operates.

5. Responsibilities

5.1 Board

The Board of Ensuro Limited has responsibility to;

• Ensure that management adequately implements AML/ATF Legal and Regulatory requirements, including any international obligations.

• Review and approve the Anti-Money Laundering and Anti Terrorism Financing Policy and amendments.

• Ensure a regular program of audits is undertaken to test the adequacy of and compliance with prescribed policies.

• Ensuring that the outsourcing of CDD is conducted in compliance with regulatory requirements and in a manner that mitigates any potential risks to the company.

• The Board shall also assess the risks associated with outsourcing CDD and ensure that appropriate mitigation measures are in place to manage these risks.

• The Board shall oversee the selection process for outsourcing service providers and ensure that the provider has the necessary expertise, experience, and resources to perform CDD effectively.

5.2 Chief Executive Officer

The Chief Executive Officer is the policy owner of the AML & ATF Policy and Procedure for Ensuro. The Chief Executive is responsible for overall oversight on execution of this Policy.

5.3 Chief Compliance Officer/MLRO

Ensuro has a designated Money Laundering reporting Officer/Chief Compliance Officer at managerial level, who is fully responsible for maintaining the procedures and internal controls appropriate to give effect to this AML/ATF Policy. The MLRO has a working knowledge of the AML/ATF laws and their implementing regulations and is responsible for coordinating and monitoring the AML/ATF compliance program to ensure continuous compliance with the regulations. The MLRO is qualified by experience, knowledge, and training in AML/ATF, and continues to undertake role specific courses and trainings to improve their knowledge of the Bermuda Regulatory Framework on AML/ATF and general insurance/re-insurance business.

The Compliance officer shall be responsible for the following;

• The Compliance Officer has oversight over Ensuro’s Anti-money laundering policies, and reports on the same to Senior Management.

• Providing overall guidance to achieve compliance with all anti-money laundering compliance policies, legislation, procedures, systems and plans,

• Reviewing overall Ensuro’s AML&ATF Compliance standards and making recommendations for appropriate corrective action.

• Ensure that all employees receive appropriate & timely anti-money laundering compliance trainings and communications according to the requirements of their prescribed duties.

• In the event of outsourcing the MLRO shall ensure that the outsourcing service provider has the necessary experience, expertise, and resources to conduct CDD effectively. They shall also ensure that the service provider follows the same AML policies and procedures as Ensuro.

• The MLRO shall also provide ongoing oversight and supervision of the outsourcing service provider's CDD activities to ensure that they remain effective and compliant with AML regulations and standards.

• Responding promptly to any requests for information made by the regulator.

The MLRO shall be accorded and maintain sufficient independence to ensure that they are free from interference in their functions and decisions, that they are able to freely access any information necessary to the discharge of their responsibilities, and that information held by them shall be securely protected and disseminated in accordance with the law.

5.4 General responsibilities

• Every Ensuro staff member must remain vigilant to the possibility of money laundering and promptly report any suspicious transaction or activity.

• Responsible for daily management of anti-money laundering compliance within their respective areas of work.

• Complete training on AML/ATF as specified.

6. AML Policy

6.1 Definition of Money Laundering.

Money laundering is the term used for several offences involving the proceeds of crime or terrorism. These include possessing or in any way dealing with or concealing or converting the proceeds of any crime, as well as funds likely to be used for terrorism or the proceeds of terrorism.

The term is generally used to describe the activities of organised criminals converting the proceeds of crime into legitimate activities, thus hiding or concealing their true, originating sources.

Despite the variety of methods employed, the laundering process is accomplished in three stages. These stages, described below, may comprise numerous transactions by the launderers that could alert the company of the criminal activity.

(a) Placement” the physical disposal of the initial proceeds derived from illegal activity.

(b) Layering” separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the audit trail and provide anonymity.

(c) Integration” the provision of apparent legitimacy to criminally derived wealth. If the layering process has succeeded, an integration scheme places the laundered proceeds back into the economy in such a way that they re-enter the financial system appearing as normal business funds.

The three basic steps may occur as separate and distinct phases. Alternatively, they may occur simultaneously or, more commonly, they may overlap. How the basic steps are used depends on the available laundering mechanisms and the requirements of the criminal organizations.

Ensuro employees are most likely to be exposed to money laundering if they have a suspicion that a party they are dealing with, in the course of conducting regular business practices, is benefiting financially from dishonest activities. The attempt to transact legitimate business with Ensuro Re Ltd to reinsure assets and/or investing capital by paying premiums and/or investing funds using monies derived from the proceeds of crime or terrorism would therefore constitute money laundering in the context of the regular business operations of Ensuro.

There are three main money-laundering offences;

1. Concealing – knowing or suspecting a case of money laundering but concealing or disguising its existence.

2. Arranging – becoming involved in an arrangement to launder money, or assisting in money laundering.

3. Acquisition, use or possession – benefiting from money laundering by acquiring, using or possessing the asset concerned.

In addition, there are two third party offences:

1. Failure to disclose either of the three offences above where there are reasonable grounds for knowledge or suspicion.

2. Tipping off or Notifying a person who is or is suspected of being involved with money-laundering either directly or indirectly.

6.2 Definition of Terrorism Financing

Terrorism financing is when a person by any means directly or indirectly, unlawfully and willfully provides or collects funds with the intention that these funds will be used in full or in part to carry out a terrorist act by a terrorist organization or be linked to specific terrorist acts.

The Terrorism Financing offences include;

1. Fundraising- Providing money or property, and inviting another person to provide money or other property intended to be used, or suspects that it may be used, for terrorism purposes.

2. Organising - Committing or directing another person to commit an act if terrorism.

6.3 Key Principles

These key principles govern Ensuros approach to the prevent of money-laundering:

• The appointment of a Money Laundering Reporting Officer (MLRO) or similar position as required by local regulation. The appointed MLRO will be Ensuro’s Compliance Officer.

• Ensuro shall maintain a Compliance function that identifies, assesses, advises, monitors and reports on Ensuro’s Compliance risk. AML/ATF compliance oversight is discharged through the Compliance function.

• Any staff shall immediately notify the MLRO if he/she suspects or has any reason to suspect that any potentially suspicious activity has occurred or will occur if a transaction is completed.

• Ensuro will undertake Know Your Customer (KYC) procedures with a risk based Customer Due Diligence program which will include Customer Identification and Verification outsourced to Quadrata

• Ensuro will apply risk based enhanced customer due diligence measures for customers or transactions identified as high risk to ensure proper verification of all necessary information pertaining to them.

• Ensuro shall ensure that all Payment methods and technologies in use are assessed for money laundering and terrorism financing risk and measures taken to prevent the use of these technologies to facilitate money laundering and the financing of terrorism.

• Ensuro will prohibit anonymous customers seeking to obtain coverage in an obviously fictitious name.

• Ensuro will take measures to ensure that it does not engage in any business with shell companies or accept remittances through them.

6.4 AML Controls and Systems

Ensuro is committed to combating money-laundering, terrorism financing and the financing of any illegal activity by implementing appropriate and approved risk sensitive policies, procedures and systems for effective prevention, detection and control of possible money laundering and terrorism financing activity relating to;

1. Customer due diligence measures and ongoing monitoring

2. Record-keeping;

3. internal control;

4. The performance and documentation of any products, services and technologies (prior to launch) and the continual documentation of risk assessment and management of such products, services and technologies in a form available to share with the supervisory authority.

5. Monitoring and management of compliance with these policies, procedures and systems including their internal communications.

6. Overseeing and monitoring of the outsourcing of customer onboarding and CDD to ensure that it is conducted effectively and in compliance with regulatory requirements and company policies.

7.0 AML/ATF Risk Assessment

The objective of the risk ML/TF assessment process is for Ensuro to be able to understand the AML/ATF and sanction risks it is exposed to and to mitigate effectively this ML/TF risk. A critical part of the ML/TF risk assessment process is the allocation of customers and products to an appropriate ML/TF risk category. The main purpose of this is to ascertain the level of customer due diligence (CDD) process to be carried out pertaining to identification, verification and whether the customer has any high risk characteristics that require enhanced due diligence (EDD).

It is important to note that risk assessment is not a one-off exercise and is usually triggered by circumstances such as changes in customer data or profile and Ensuro will ensure that internal policies, procedures, systems and controls, continue to adequately address the risk assessment.

Prospective clients must be risk assessed from an AML/CTF perspective by Quadrata and Sufficient CDD completed and held prior to establishing any relations or interaction with Ensuro Protocol.

The risk-based approach to KYC standards shall take into consideration various risk factors including, but not limited to Country of operation or Nationality, Customer type, & Services risk factors. The detailed risk assessment criteria and methodology are described in the document “Ensuro AML/ATF Risk Assessment”.

7.1 Customer Risk Assessment

Every Customer shall be risk-rated from an AML/ATF perspective by Quadrata prior to issuing a Quadrata passport and risk scores will be assigned to each customer/passport holder. These risk scores will be taken into consideration and combined with the internal Customer Risk Assessment parameters rated at user sign up onto the Ensuro protocol inorder to obtain a comprehensive customer risk score at the time of onboarding.

To ensure ongoing compliance with AML regulations, both customers and entities will be subject to continuous monitoring of their AML and wallet addresses. The purpose of this monitoring is to confirm that they are not associated with any sanctions lists, watchlists, PEPs lists, or blacklisted wallets. If necessary, the AML risk score will be adjusted based on the results of these checks. If there are any changes to the status of the wallet or its holder, Quadrata, Inc. will update the passport's overall AML risk score within 24 hours to reflect the relevant change in scores.

When assessing Customer’s ML/TF risks, the following factors shall be considered;

1. Nature of the Customer’s Business/industry: Certain businesses/ industries are considered as being more susceptible to the risk of money laundering and terrorist financing than others. Businesses are classified as high, medium or low risk and this classification is based primarily on industry guidance. Likewise, the type of customer is risk rated accordingly.

2. Country of residence/registration/operation or nationality; This factor considers the country of domicile of the customer or countries where the customer has a presence as some countries are considered to present a higher degree of money laundering or terrorist financing than others as guided by FATF. Countries shall be classified as high, medium or low risk, based on key indicators which include;

3. Inadequate AML/CTF strategies

4. Politically unstable/corrupt Government regimes

5. Drug havens/transit Countries

6. Tax havens

7. Financial transparency & standards

8. Public transparency & accountability

Ensuro shall thus adopt the list of high-risk countries published by various organizations including but not limited to the Financial Action Task Force (FATF) and Caribbean Financial Action Task Force (CFATF) to preventing any form of subjective assessment.

3. Product and Service: This is based on the product/service to which the customer is subscribing as some products and services are considered to pose a greater risk of money laundering/terrorist financing than others. All products shall be risk assessed into high, medium or low risk respectively before being launched. Where a client has more than one product or service, the product/service with the highest risk rating must be selected.

4. Customer type; This considers the various types of customers, partners or beneficial owners such as individuals, listed companies, private companies, start ups and others who want to establish a relationship with Ensuro. The following are the examples of clients who pose a high money laundering risk:

5. A PEP, any member of a political Figure’s immediate family, and any close associate of a senior political figure; Quadrata shall PEP screen all passport holders and embed their risk score to the passport details to guide Ensuro’s assessment of the client.

6. Any client resident in, or organized or incorporated under the laws of, a Non-Cooperative Jurisdiction or high risk countries.

7. Any customer who gives the MLRO any reason to believe that its funds originate from, or are maintained at an “offshore business”, or

8. Any client who gives the MLRO any reason to believe that the source of its funds may not be legitimate or may aid terrorist activities.

9. Non-resident customers;

A manual review will be undertaken by the Ensuro compliance Team and enhanced due diligence is conducted for this category of customers. It is important to note that there are certain types of customers that will be regarded as high risk regardless of other factors e.g., PEPs.

5. Other factors; Customers shall also be screened through watchlists and negative news searches to verify if there is any negative news on the customer or beneficial owners.

7.2 Risk Assessment Methodology

Each customer will be assigned a Customer Risk Rating with the methodology as detailed below of:

• High; The risks here are significant. To mitigate the heightened risk presented enhanced due diligence and rigorous transaction monitoring is to be undertaken

• Medium; The risks are more than low and merit additional scrutiny, but do not rise to the level of high-risk.

• Low; This represents the baseline risk of money laundering; normal business rules and CDD

When assessing the customer risk profile, each factor described above is ranked with a risk score of 1 (Low), 2 (Medium) or 3 (High) for every customer.

Basing on the weighted average of the scores, the overall Customer Risk Rating (CRR) is assigned as follows:

7.3 Customer Profile Review

1. Normal Review

Ensuro acknowledges that AML/ATF Risk assessment is not a one-off exercise as customers’ circumstances do not remain static and as such part of the KYC process which is an on-going process is to ensure that as best as possible Ensuro has up to date information pertaining to customers. To this end reassessment shall be conducted on a cyclical basis and revised if necessary. Based on the customer's risk rating, the customers’ profile shall be subject to periodic review. If the customer poses high risk to the company, then the customer shall be reviewed more often compared to low risk customers. The reassessment cyclical period which will largely depend on the risk rating given to the customer at the onset is as follows:

-High Risk Customers- Annually

-Medium Risk Customer – Every 2 years

-Low Risk Customers- Every 3 years.

2. Transaction/ Incident Driven Review

However it is important to note that an Incident can trigger a risk re-assessment review outside of the aforementioned cycles i.e. “Incident Driven Review” …. any event that materially changes the nature of the Customer’s business or individual risk profile e.g, a change in regulatory status, change in PEP status or adverse media information. If based on these checks there are any status changes of the wallet or its holder, Quadrata, Inc. will update the passport's overall AML risk score within 24 hours to reflect the applicable change to the scores and a manual review and risk assessment will be undertaken by the Ensuro compliance team to determine the appropriate course of action.

8.0 Customer Acceptance Program

Ensuro shall outsource part of its customer acceptance/onboarding programme to Quadrata. Quadrata will undertake the onboarding, and monitoring activities of the individuals and businesses through the collecting and verification of personal identification information as well as AML and wallet screening. The onboarding processes outsourced include;

After Quadrata collects the necessary information, it will perform data verification on a risk-based approach and issue a passport upon successful verification. Upon interaction with the protocol, Ensuro team shall analyse this information to ensure the customer meets the KYC/KYB, AML, and wallet screening regulatory and legal requirements in Bermuda. It is important to note that Ensuro will retain accountability and responsibility for KYC/KYB compliance.

Customers who possess a Quadrata passport will then be able to load it onto the Ensuro portal to begin interacting with the platform.

Refer to Appendix Table 2 for simplified onboarding process flow diagram

8.1 Customer Due Diligence (CDD)

CDD is identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source. It involves the identification and verification of both the customer and beneficiary including but not limited to continuous monitoring.

Quadrata will identify customers or undertake customer due diligence (CDD) before Ensuro can establish initial business relations with the Quadrata passport holder.

Ensuro will undertake continuous monitoring of the passport holder when conducting occasional or one-off transactions, when there is cause to be suspicious, and when there is doubt about the veracity or adequacy of previously obtained customer information.

Ensuro requires that all customers are adequately identified at onboarding and shall not establish a business relationship until the identity of the customer is satisfactorily verified by Quadrata. Customers without Quadrata passports will be re-directed to the Quadrata website upon interaction with the Ensuro portal in order to undergo the onboarding verifications with Quadrata first so as to permit the company to “know its customers” and to understand their business.

Ensuro shall undertake continuous monitoring and carry out on-going due diligence on existing customer relationships and scrutinize transactions undertaken throughout the course of these relationships to ensure that the transactions being conducted are consistent with the Ensuro’s knowledge of the customer, their business and source of funds on a risk sensitive basis. In doing so Ensuro shall also consider the results from Quadrata’s ongoing monitoring of customers and wallets in order to have a comprehensive review of the passport holder. Ensuro shall apply CDD requirements to existing customers on the basis of materiality and risk and to continue to conduct due diligence on such existing relationships at appropriate times. The appropriate time to conduct CDD for existing customers is when;

1. a transaction of significant value takes place,

2. customer documentation standards change substantially,

3. there is a material change in the way that the business is operated, and

4. when Ensuro becomes aware of any customer changes in the AML profile as flagged by Quadrata

Ensuro shall rely on Quadrata to perform elements of Customer Due Diligence to satisfy the minimum KYC requirements ensuring that they meet the criteria set out in section 14(1) of the Bermuda Proceeds of Crime Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008.

Ensuro shall take adequate steps to ensure that copies of identification data and other relevant documentation relating to CDD requirements will be made available by Quadrata in a secure manner upon request without delay to enable Ensuro meet its regulatory obligations. The ultimate responsibility for customer identification and verification remains with Ensuro.

The extent of customer due diligence that is performed on customers, whether standard or enhanced, will be dependent on the risk of money laundering or terrorist financing they pose. Where Enhanced due diligence is required of the passport holder, a manual review will be undertaken by Ensuro.

8.2 Standard Due Diligence

Standard Due Diligence shall apply where there is little chance of money laundering or terrorist financing based on the risk assessment. This involves a basic and minimal process of identifying, verifying and ongoing monitoring of a standard customer. Quadrata shall undertake the Standard Due Diligence for Low-risk clients. Standard Due Diligence shall be undertaken where the customer;

1. is a public administration, or a publicly owned enterprise;

2. is an individual resident in a geographical area of lower AML/TF risk as rated by FATF or CFATF

3. is an institution required to oblige by provisions of these proceeds of crime (anti-money laundering and anti-terrorist Financing) regulations 2008 and is supervised for compliance to the same.

4. is a company whose securities are listed on a regulated market, in the location of an AML regulated market;

Geographically a customer shall also be considered low risk and SDD applied depending on whether the country where the customer is resident, established or registered/ in which it operates is, on the basis of credible sources, (such as evaluations, detailed assessment reports or published follow-up reports) published by the Financial Action Task Force, the International Monetary Fund, the Organisation for Economic Co-operation and Development or other international bodies, has requirements to counter money laundering and terrorist financing that are consistent with the Bermuda AML/ATF regulations and guidelines and effectively implements those Recommendations.

Standard CDD shall not apply to a customer where there is suspicion of money laundering or terrorist financing or specific higher-risk scenarios. In such a circumstance, enhanced due diligence shall apply.

8.3 Enhanced Due Diligence

EDD involves a risk-based approach to investigate certain customers' identities even further, and gathering further information on their reputation and history, taking additional steps to understand the ownership and control of the customer and, in some cases, the source of funds involved. There is also greater focus on ongoing monitoring.

EDD is necessary with customers who have been identified as posing a high AML risk basing on customer risk assessment checks. Basing on the data and risk scores assigned by Quadrata, Ensuro shall undertake Enhanced Due Diligence measures for business relationships and customers deemed to be of High Risk. The following customer categories shall be considered High risk and therefore EDD shall be undertaken;

• Customers who are politically exposed persons (PEPs), in other words people with high-profile political roles or who perform prominent public functions.

• Customers who are special interest persons (SIPs), in other words those who have a known history of involvement with financial crimes. A person doesn’t have to have been convicted to be considered an SIP. They could have been previously accused of financial crimes, or be currently facing court proceedings.

• Customers who have sanctions against them

• Clients who feature in a high volume of adverse media, in other words negative media coverage about them

• Customers who have a high net worth

• A customer or transaction shall also be considered high-risk and warranting EDD if they are directly linked to any of the following geographical risk factors:

• Countries that have sanctions or embargoes against them

• Countries on the Caribean Financial Action Task Force’s (CFATF) list of Other Monitored Jurisdictions (greylist)

• Countries on the FATF list of Call for Action Jurisdictions (blacklist)

EDD shall also be undertaken under any other situations which can present a higher risk of ML/TF.

8.4 Minimum requirements

Quadrata will collect certain minimum customer identification information from every customer before issuing a Quadrata passport. For individual customers, Quadrata shall take reasonable steps to ascertain satisfactory evidence of an individual client’s name, details of the residential address, the telephone contact including the mobile telephone,address and date of birth. Refer to Appendix Table 1 Section 1 for KYC for individual users.

1. For Legal persons/arrangements;

Quadrata shall take the necessary measures to collect information to enable understanding of the nature of business, ownership and control structure when performing Customer Due Diligence in relation to customers that are legal persons or legal arrangements. The minimum CCD requirements to be maintained for a legal person/ arrangement must include but not limited to;

1. Full name and trade name.

2. Date and place of incorporation, registration or establishment;

3. Registered office address and, if different, mailing address;

4. Address of the principal place of business;

5. Whether and where listed on a stock exchange;

6. Official identification number (where applicable);

7. Name of regulator (where applicable);

8. Legal form, nature and purpose (e.g. discretionary, testamentary, bare);

9. Control and ownership structure

10. Nature of business;

11. Identification of all beneficial owners and taking reasonable measures to verify the identity of the beneficial owner in Line with KYC standards

Refer to Appendix Table 1 Section 2 for KYB for Entities.

2. Beneficial owners;

Quadrata shall identify all beneficial owners and take reasonable measures to verify the identity of the beneficial owner on behalf of Ensuro at the time of issuing the passport, such that it is satisfied that it knows who the beneficial owners are, and that the ownership and control structure of the party with whom a relationship is being entered, in the case of legal persons and arrangements, is understood.

Quadrata will identify any individual that is a beneficial owner of the legal entity customer by identifying any individuals who directly or indirectly own 10% or more of the equity interests of the legal entity, and any individual with significant responsibility to control, manage, or direct a legal entity customer.

3. Politically Exposed Persons

In Bermuda PEPs are individuals who have, at any time in the preceding year, been entrusted with prominent public functions or prominent functions by an international organisation or a person who falls into any of the categories listed in paragraph 2(3)(a) of the Schedule of the Proceeds of Crime (Anti Money Laundering and Anti-Terrorism Financing) Regulations 2008 and their immediate family members or known close associates as defined in section 2 of the schedule in the proceeds of crime (anti-money laundering and anti-terrorist financing) regulations 2008

While PEPs from outside Bermuda are defined as an individual who is or has, at any time in the preceding year, been entrusted with prominent public functions or a prominent function by an international organisation or a person who falls in any of the categories listed in paragraph 2(1)(a) of the Schedule.

Immediate family members include a spouse, children and their spouses; and parents; While persons known to be close associates include;—

• Any individual who is known to have joint beneficial ownership of a legal entity or legal arrangement, or any other close business relations, with a person referred to in regulation 11(6A)(a); and

• Any individual who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the benefit of a person referred to in regulation.

These are considered to present high AML risk due to their exposure to politics and the influence they may be able to exert or may be imposed on them by virtue of their sensitive political relationships and are therefore considered High Risk customers.

Quadrata will undertake PEP Screening checks at onboarding as part of the AML screening and during ongoing monitoring of customer profiles. Refer to Table 1 Part 3 for a PEP list coverage against which customers shall be screened.

Senior management approval shall be obtained before establishing a business relationship with a PEP. Where a customer has been accepted or has an ongoing relationship and is subsequently found to be or becomes a PEP, senior management approval shall be obtained in order to continue the business relationship.

Ongoing Monitoring

Ensuro shall conduct ongoing due diligence of the business relationships. This shall include scrutinizing the transactions undertaken by the customer on the chain throughout the course of the relationship to ensure that the transactions being conducted are consistent with Ensuro’s knowledge of the customer profile, its business and risk profiles, and the source of funds.

In conducting ongoing monitoring Ensuro shall employ suitable mechanisms for monitoring customer’s transactions while paying special attention to all complex, unusual large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose. All staff will maintain alertness for customer’s transactions which represent a significant divergence from those anticipated for the customer's and where a customer’s transaction is not consistent with what is anticipated: an explanation will be sought, if appropriate by contacting the client. If a satisfactory explanation is found, the customer profile will be updated to record that explanation and to reflect the change in anticipated customer activities.

If no satisfactory explanation is found, the matter will be brought to the attention of senior Management if there are grounds to suspect money laundering after carrying out a re-assessment of money laundering risk and a Suspicious activities report will be filed with the Financial Intelligence Agency

Ensuro shall also undertake ongoing monitoring and review of customer profiles and data held periodically to check that the information held is still adequate and up to date, and also to ensure that the level of client due diligence being applied is still appropriate by triggering existing customers/ Passport holders to undertake a KYC refresher with Quadrata and updated information shall be reflected in the Ensuro dashboard.

Customers and Businesses will undergo ongoing monitoring of AML and Wallet addresses to confirm they are not associated with sanction lists, watchlists and PEP lists or blacklisted wallets and to adjust the AML risk score, if necessary. If based on these checks there are any status changes of the wallet or its holder, Quadrata will update the passport’s overall AML risk score within 24 hours to reflect the applicable change to the scores on the Ensuro dashboard and the Ensuro compliance team can review and undertake appropriate action.

5. Embargoes and Sanction Screening

As is provided in the Ensuro Sanctions Policy, Quadrata shall undertake AML screening checks for all passport holders as part of the due diligence process before issuing a Quadrata passport. These AML checks include but are not limited to sanction screening against all major multiple government and international organisation’s watch-lists like OFAC and HM Treasury’s Consolidated List of Targets, Quadrata shall decline to issue passports for matching entities once identified. Sanction Screening results will be part of the information embedded in the passport data.

Even if sanction screening checks are outsourced, Ensuro shall remain ultimately responsible for ensuring compliance with applicable regulations through ongoing oversight and monitoring of the service provider to ensure that they are conducting these checks in a timely and accurate manner.

9. Suspicious Activity Reporting

Suspicious activity is defined as a transaction or activity that could constitute or be related to money laundering or the proceeds of crime. These activities may include complex, unusual, suspicious, large or other transactions as may be specified by Regulators/Legal requirements and whether completed or not. Consideration of suspicious activity will pay particular attention to all unusual patterns of transactions/activity and to insignificant but periodic patterns of transactions/activity that have no apparent economic or lawful purpose.

Ensuro understands its obligations to recognise and report suspicious activity that may arise in the course of its normal business activities. In considering the suspicious nature of a transaction/activity, the following must be taken into account:

• Suspicion must be more than speculation and must be based on some foundation, and

• A person who considers a transaction/activity to be suspicious is not expected to know the exact nature of the offence or that the funds in question are from criminal activity.

Knowledge is:

• Actual knowledge

• Knowledge of circumstances that would indicate facts to an honest and reasonable person.

• Failing to adequately assess the facts available which would put an honest and reasonable person on alert.

• Wilful negligence – failing to make adequate enquiries which an honest and reasonable person would make.

• Wilful blindness – ignoring obvious signs.

Knowledge and/or suspicion should under no circumstances be discussed with the relevant customer/user, or anyone else besides the reporting staff’s superior officer and the MLRO. The completed report is thus confidential and must be treated in such a manner.

As a guideline, examples of suspicious transactions/activity and details on how to report the activities to the MLRO are contained in the Ensuro Suspicious Activity guidelines.

MLRO will institute investigations by obtaining any necessary information held internally and externally by Quadrata as may be required and will decide whether to make report to Senior Management and to external authorities.

After implementing confidential enquiries into a Suspicious Activity Report, the MLRO will advise the Chief Risk Officer and also directly report the Suspicious Activity to the Financial Intelligence Agency via Go AML with full information. No person other than the MLRO shall receive internal Suspicious Activity Reports and all external reporting of suspicious activities to the authorities will be effected by the MLRO.

MLRO shall maintain a register of all Suspicious Activity Reports made, both internally and externally. Any decision taken not to report to the authorities, or any internal report made, shall be recorded. All such data must be kept securely. In addition, all correspondence with any other Supervisory/Regulatory body, for example the FIA, in respect of money laundering, will be appropriately filed according to the Ensuro’s record keeping procedures.

MLRO shall also cooperate with authorities undertaking any enquiries or investigations on AML/CFT or suspicious activities reported and release to them such information as is required in line with the terms of legal/regulatory obligations.

Ensuro shall maintain reasonable and adequate policies and procedures to ensure that all statutory and regulatory obligations in this regard are met in full.

10.0 Outsourcing

While Ensuro shall outsource part of its AML/ATF functions to Quadrata, it is important to note that Ensuro will retain ultimate responsibility for AML/ATF and Sanction compliance. This includes ensuring that Quadrata has appropriate AML/ATF and sanctions systems, controls, and procedures that align with the Bermuda AML/ATF and sanctions requirements.

Furthermore, Ensuro will remain accountable for compliance with the AML/ATF and Sanctions Regulations and Guidance Notes. It will not enter into outsourcing arrangements where access to data without delay is likely to be impeded by confidentiality, secrecy, privacy, or data protection restrictions. This ensures that Ensuro maintains control over its AML/ATF and sanctions obligations, even when outsourcing to third-party providers.

Ensuro shall outsource the following onboarding and monitoring processes of individuals and entities to Quadrata. The onboarding processes outsourced consist of the following:

1. Know Your Customer

● Obtain and review personally identifiable information

● Liveness screening

● Anti-Money Laundering/Sanction screening

● Digital asset wallet screening

2. Know Your Business

● Obtain and review formation and organizational documents

● Verification of existence

● Determination of ultimate beneficial ownership (UBO)

● KYC of UBOs

● Anti-Money Laundering/Sanction Screening

● Digital asset wallet screening

3. Anti-Money Laundering/Sanctions Screening

● Review of sanctions lists, watch lists and politically exposed persons (PEP) lists

● Risk based review of adverse media

4. Digital Asset Wallet Screening

● Screen wallets against sanctions lists, watchlists and PEP lists

● Screen wallets for exposure to illicit on-chain activity

5. Ongoing Monitoring

● Continued monitoring of individuals and entities against sanctions lists, watchlists and

PEP lists

● Continued monitoring of digital asset wallets to identify for exposure to sanctioned persons or entities, persons on watchlists, PEPs and illicit on-chain activity.

6. Accredited Investor VerifIcation

● Review documentation evidencing net worth and income

● Review reference documentation (if any) from attorneys, accountants, investment advisers or broker dealers

● Assessment of documents provided

● Periodic review of status as required by Rule 501

10.1 Reliance on third parties

Well as Ensuro may rely on a third party to perform its customer due diligence measures, it will obtain sufficient information immediately to identify customers and assess whether reliance on the third party is appropriate, given the level of risk for the jurisdiction in which the party is usually resident.

It is important to note that Ensuro will remain accountable for ensuring that the appropriate measures are applied at all times in accordance with the AML/ATF and Sanctions Regulations and Guidance Notes. Ensuro must also obtain the third party's consent to being relied on. Ensuro does not rely on any third party at the moment to apply any of its due diligence measures.

11.0 Training

Ensuro will develop regular or ongoing employee training under the MLRO/ Compliance Officer’s leadership and in consultation with senior management, not only to make employees fully aware of their obligations but also to equip them with relevant skills required for the effective discharge of their duties including how to recognise and deal with transactions which may be related to ML/TF. Training will occur at least on an annual basis and will be based on our size, customer base, and resources and be updated as necessary to reflect any new developments in the law or regulations. Ensuro shall maintain measures to train all staff at all levels, whether permanent, part-time or under contract.

The training will include, at a minimum:

1. An understanding of AML/ATF

2. Customer Due Diligence and applicable internal procedures.

3. Identifying red flags and signs of money laundering that arise during the course of the employees’ duties;

4. What to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis

5. What employees’ roles are in Ensuro's AML compliance efforts/process and how to perform them;

6. Sanctions and watchlists

7. Outsourced and insourced services

8. Record retention policy; and

9. Offenses and consequences for non-compliance.

Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures, online trainings, on the job training and reading self-explanatory AML memos/materials. We will maintain records to show the persons trained, the dates of training and the subject matter of their training.

Ensuro shall ensure that the MLRO is adequately and continuously trained to undertake their responsibilities. We will continue to review our operations to see if certain employees, such as those in compliance, require specialized additional training.

As part of the service provider review process, Ensuro shall require that Quadrata offers adequate training to its employees and subcontractors in line with applicable laws and regulations.

12.0 Know Your Employee (KYE)

Ensuro shall through Human Resources Division establish procedures and controls to know employees at entrance into service and during their working life at Ensuro so as to deter fraud and abuse of the company. Further, specific policies shall be maintained to require employees to follow a code of conduct and avoid/disclose conflicts of interest.

13.0 Independent Audit review.

Ensuro will ensure that an independent audit of its AML/ATF program is conducted at least once in two years. Ensuro shall identify a qualified and independent third party to independently review and test its AML/ATF programs, procedures and controls. The independent auditor shall provide and document an independent and objective assessment of the robustness of the AML/ATF program as a whole, including the AML/ATF risk management function, AML/ATF controls framework and AML/ATF compliance function. The findings will be reported to senior management, and the board of directors. Ensuro will promptly address each of the resulting recommendations and keep a record of how any noted deficiency was resolved. Ensuro shall also cooperate with authorities undertaking any enquiries or investigations on AML/CFT activities as provided for in law.

The MLRO will monitor continuously all aspects of Ensuro’s AML/ATF policies and procedures, together with changes and developments in the legal and regulatory environment which might impact the company’s business-wide risk assessment. Any deficiencies in AML/ATF compliance requiring urgent rectification will be dealt with immediately by the MLRO, who will report such incidents to the senior management when appropriate and request any support that may be required.

14.0 Record Keeping

Quadrata will be responsible for collecting and securely maintaining all onboarding records and data, including copies of personal identification or verification information/documents provided by customers/users for whom a Quadrata passport has been issued. These records will be maintained in a format that is easily accessible upon request.

Ensuro will ensure that Quadrata and any of its subcontractors comply with all legal and regulatory requirements in Bermuda relating to record-keeping. All customer identification, verification, and customer due diligence (CDD) records will be retained by Quadrata with no time limit. This ensures that all relevant records are available in the event of any future audit or regulatory investigation.

In Bermuda, the minimum retention period is five years from the time of transaction or from when a business relationship is terminated as per the Proceeds of Crime (Anti Money laundering and Anti-Terrorist Financing) Regulations 2008. This shall serve as Quadrata’s minimum standard of record retention period. The retention period of any document (original or otherwise) relating to a financial transaction shall be in line with this standard.

In this regard the following records are to be retained in a secure manner.

• All documents completed and obtained during the establishment of a business relationship relating to customer identification and verification/CDD are to be retained by Quadrata and stored securely. Procedures and appropriate disaster recovery plans will be implemented to ensure that such records are not vulnerable to damage or loss.

• All records relating to any transaction/activity that will enable Ensuro to fulfill its obligations with regard to transaction reporting are to be stored in the blockchain forever.

Ensuro will still be accountable for the safekeeping of these documents.

Once it is known that a police or court ordered investigation is underway, all records relating to the Transaction and customer under investigation must be securely retained and not destroyed, even after the five-year period has elapsed, without confirmation from the MLRO that they are no longer required as part of an enquiry/investigation. The MLRO will be kept appraised of developments in this regard.

Ensuro shall at all stages of a transaction be able to retrieve without delay any relevant information from Quadrata in response to any requests for documentation by any relevant authority.

All requests for documentation by any relevant authority in respect of any customer or Transaction made must be referred to the MLRO. It will be the sole responsibility of the MLRO to deal with all such requests.

15.0 Communication

All Ensuro employees shall be made aware of their requirements under AML/ATF and shall continuously apply them. The MLRO will develop the appropriate measures to ensure that all employees are made aware of their responsibilities and the requirements of the AML Policy. It will be the responsibility of the Management through the Chief Compliance Officer to ensure that this AML policy is published such that it is available to all staff at all levels.

Supervisory employees must make arrangements to ensure that all staff take up the measures advised for AML/ATF training and other means of training and awareness such that staff are aware of their responsibilities and the actions that they are expected to take under the AML/ATF and sanction Policy, laws and regulations.

Any policy changes, developments or amendments will be communicated to all employees upon approval in the company’s preferred means. Management will institute effective means to measure and monitor awareness of this policy.

16.0 Branches and Subsidiaries

Ensuro shall ensure that its foreign branches and subsidiaries, if any, observe AML/CFT procedures consistent with the provisions of this policy and to apply them to the extent that the local/host country’s laws and regulations permit.

Where these minimum AML/CFT requirements and those of the host country differ, foreign branches and subsidiaries in the host country will hence apply the higher standard and such must be applied to the extent that the host country’s laws, regulations or other measures permit.

When the foreign branches or subsidiaries are unable to observe the appropriate AML/CFT procedures because they are prohibited by the host country’s laws, regulations or other measures, Ensuro shall inform Bermuda Monetary Authority in writing.

17.0 Policy Amendments

This policy shall be reviewed to keep it updated with the amendments in laws and regulations and also accommodate best practices. All amendments shall be recommended by Senior management and approved by the Board.

18.0 Bermuda’s Legislative Framework

The following Legislation and Regulatory Guidelines are applicable in Bermuda for reference

• Proceeds of Crime Act 1997

• Proceeds of Crime (Anti-Money Laundering and Anti-Terrorism Financing) Regulations 2008

• Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008

• Anti-Terrorism (Financial and Other Measures) Act 2004

• Financial Intelligence Agency Act 2007

• Bermuda Monetary Authority (“BMA”) Guidance Notes on the Prevention and Detection of Money Laundering and Combating Terrorist Financing (as updated)

• International Sanctions Act 2003 and International Sanctions Regulations 2013

Appendix

Table 1

Table 2; Onboarding process flow diagram