The Nnph AML and CFT Policy establishes the framework for preventing money laundering and terrorism financing across all activities conducted on the Nnph platform. It applies to all customers, transactions, and operational processes and requires adherence by every employee, contractor, and business partner engaged with Nnph.
This Policy governs all KYC, AML, and CFT controls implemented by Nnph in accordance with applicable laws and international standards. It implements a risk based approach and covers customer due diligence, ongoing monitoring, transaction screening, record keeping, and reporting obligations. The Policy aligns with the core principles of internationally recognised AML/CFT guidance while operating within the lawful remit of the jurisdictions in which Nnph provides services.
Nnph applies a risk based framework to identify and mitigate ML/TF risk. The principal risk categories are:
Risk factors are evaluated to determine the level of due diligence required and the level of ongoing monitoring that will be applied.
Nnph employs a structured risk matrix to score likelihood and impact for each customer and product. Examples include:
The risk matrix is reviewed at least annually and updated for material changes in product offerings, customer behavior, or regulatory requirements. Third party risk is integrated into the overall assessment.
On onboarding, customers must provide verifiable information to establish identity and ownership. KYC steps include:
Ongoing monitoring applies, with reviews triggered by significant changes in activity or profile. Records are retained as described in data retention requirements below.
Verification is conducted when required by risk assessment or regulatory triggers. Documentation may include:
Additional verification is required for Politically Exposed Persons and for customers located in or associated with high risk jurisdictions. Measures may include:
A refusal to pass verification, or evidence suggesting the account is used for illicit activity, may result in escalation to competent authorities and restricted access to services.
All user operations are subject to ongoing activity monitoring to identify suspicious patterns. Indicators include:
Any flagged activity is escalated to the antifraud function for risk assessment and further action.
Transaction monitoring applies to deposits and withdrawals and enforces the following controls:
Cryptocurrency related transactions are subject to blockchain analytics and enhanced due diligence where appropriate. Suspicious transactions trigger structured investigations and may be reported as required by law.
Nnph conducts ongoing screening of customers and transactions against current sanctions lists and maintains a prohibited jurisdictions register. Where a potential match is identified, manual review confirms the result before any action. If sanctions are confirmed, access to accounts or particular transactions is restricted or frozen and appropriate authorities are notified in accordance with legal obligations.
Documents and data gathered for AML/CFT purposes, including transaction records and supporting evidence, are stored securely and retained for a minimum period of five years or as required by applicable law. All data processing complies with applicable data protection laws and the Nnph privacy policy. Access is limited to authorized personnel and protected against unauthorized disclosure or processing.
The Nnph governance structure assigns clear responsibilities for AML/CFT controls. The Board approves policies, resources, and risk management frameworks; the Compliance Officer drafts and maintains policies, conducts risk assessments, and oversees monitoring, training, and reporting; Internal Audit conducts independent reviews and coordinates corrective actions as needed.
All employees receive AML/CFT training during onboarding and through ongoing programs. Training covers KYC procedures, monitoring systems, sanctions screening, and reporting obligations. Training outcomes are documented for audit and regulatory purposes.
Suspicious activities are escalated internally to the Compliance Officer and, where required by law, reported to the relevant authorities. The process includes keeping detailed case records, timely SAR filings, and cooperation with law enforcement or supervisory bodies as appropriate.
Nnph may amend this Policy at any time. Material changes will be communicated through standard channels. Continued use of the platform after notification indicates acceptance of updated terms.