Anti-Money Laundering & Counter-Terrorist Financing Policy

1.1 ChaiLink is committed to preventing the use of its Platform for money laundering (ML), terrorist financing (TF), proliferation financing, or sanctions evasion. 1.2 The Board of Directors (or designated compliance committee) approves this Policy annually. 1.3 A designated Compliance Officer (MLRO) reports directly to senior management with independent authority to escalate STR filings. 1.4 All staff receive annual AML/CFT training with enhanced modules for payment operations teams.

2.1 ChaiLink conducts annual ML/TF risk assessments covering products (voluntary contributions), customer types (Creators, anonymous Supporters), delivery channels (mobile web), and geographic exposure (primarily Pakistan). 2.2 Higher-risk indicators include: rapid high-volume inflows from single instruments, structuring below reporting thresholds, mismatch between Creator profile and payout destination, use of high-risk jurisdictions on sanctions lists. 2.3 Risk assessment outcomes drive KYC tiers, transaction monitoring rules, and enhanced due diligence triggers.

3.1 Simplified Due Diligence for low-value, low-risk Supporters making occasional small Contributions without account registration. 3.2 Standard CDD for Creators: verified identity, address, occupation/category, payout account in own name. 3.3 Enhanced Due Diligence (EDD) for PEPs (Politically Exposed Persons), high-net-worth Creators, adverse media matches, or unusual activity patterns. 3.4 Ongoing due diligence through periodic KYC refresh every twelve (12) months or upon trigger events.

4.1 Automated rules monitor velocity, amount anomalies, geographic inconsistencies, device fingerprint reuse across multiple Creators, and round-sum structuring. 4.2 Manual review queue for alerts exceeding risk scores; analysts document disposition within forty-eight (48) hours. 4.3 Integration with Payment Partner fraud networks and FMU typologies updates quarterly.

5.1 Where there are reasonable grounds to suspect ML/TF, ChaiLink files STRs with FMU via the GoAML system without tipping off the subject (tipping-off is an offence under AMLA). 5.2 STR filing timeline: as soon as practicable, no later than three (3) business days from suspicion crystallization. 5.3 Accounts may be frozen pending investigation per AMLA Section 11 and SBP directives.

6.1 Creators and payout beneficiaries screened against UN Security Council Consolidated List, OFAC (where applicable to Pakistani obligations), and National Counter Terrorism Authority (NACTA) proscribed persons lists. 6.2 Real-time screening at onboarding and batch rescreening monthly. 6.3 Matches result in account rejection or suspension and potential STR filing.

7.1 CDD records, transaction logs, STR documentation, and training records retained for minimum seven (7) years from relationship end or transaction date per AMLA Section 7. 7.2 Records must be available for SBP inspection, FMU examination, and law enforcement requests pursuant to lawful authority.

8.1 Use of ChaiLink to layer funds from criminal conduct, integrate proceeds of corruption, finance terrorism, evade currency controls, or process payments for entities on sanctions lists. 8.2 Creators may not solicit Contributions for illegal activities including unlicensed gambling, narcotics, weapons, or human trafficking. 8.3 Use of mule accounts, third-party payout destinations, or falsified supporter messages to simulate organic support constitutes fraud and will be reported.

9.1 All employees complete AML/CFT induction within thirty (30) days of hire and annual refresher training. 9.2 Creators receive educational materials on lawful use and tax obligations via dashboard notices. 9.3 Whistleblower channel: compliance@chailink.co for internal reporting of AML policy violations.

10.1 User-level: account suspension, fund holds, permanent ban, referral to law enforcement. 10.2 ChaiLink-level: AMLA provides penalties including fines and imprisonment for officers in cases of willful negligence; ChaiLink maintains controls to prevent institutional liability. 10.3 Cooperation with FIA, FMU, and SBP enforcement actions as required by law.