State Bank of Pakistan Regulatory Compliance Disclosure

1.1 The SBP regulates digital payments through the Payment Systems and Electronic Fund Transfers Act, 2007 (PSEFTA), EMI Regulations (2019 and amendments), PS&P Regulations, and various BPRD Circulars. 1.2 ChaiLink functions as a technology platform facilitating payments between Supporters and Creators, partnering with SBP-licensed EMIs and banks for actual fund movement and settlement. 1.3 ChaiLink is pursuing applicable licensing and partnership structures as the regulatory landscape for creator economy platforms evolves under SBP's Digital Financial Services (DFS) agenda.

2.1 Easypaisa services are provided through Telenor Microfinance Bank Limited, licensed as an EMI/Bank under SBP supervision. 2.2 JazzCash services are provided through Mobilink Microfinance Bank Limited (JazzCash), licensed under SBP supervision. 2.3 Wallet collections and disbursements occur within EMI-regulated wallets; ChaiLink receives settlement files and status webhooks rather than direct cash handling.

3.1 Raast is Pakistan's instant payment system developed under SBP's vision for digital financial inclusion. 3.2 ChaiLink supports Raast Person-to-Merchant (P2M) and Person-to-Person (P2P) use cases where enabled by our sponsoring institution. 3.3 Raast transactions are settled in real-time through the Pakistan Instant Payment System infrastructure; failures due to SBP maintenance windows are outside ChaiLink control. 3.4 Users must provide valid Raast IDs (mobile number or IBAN alias) registered with their bank.

4.1 Card transactions are processed via PCI-DSS compliant acquiring partners; ChaiLink maintains SAQ-A scope where card data is fully outsourced to hosted payment pages. 4.2 3-D Secure authentication is enforced where required by issuer and SBP directives on card-not-present fraud mitigation. 4.3 Cross-border card payments may be subject to SBP foreign exchange regulations; Creators receiving international support must comply with FEMA and Income Tax foreign remittance reporting.

5.1 Creators undergo tiered KYC: Basic (mobile OTP, profile), Standard (CNIC verification), Enhanced (source of funds for high-volume accounts). 5.2 SBP EMI KYC thresholds trigger enhanced due diligence at Rs. 50,000 monthly inflows or as otherwise directed. 5.3 ChaiLink cooperates with Payment Partners' NADRA Verisys integrations for CNIC validity checks.

6.1 Suspicious Transaction Reports (STRs) filed with Financial Monitoring Unit (FMU) when required under AML/CFT laws. 6.2 Currency Transaction Reports (CTRs) for transactions exceeding statutory thresholds. 6.3 Periodic statistical returns to SBP through sponsoring EMIs where applicable.

7.1 Clear fee disclosure at checkout per SBP consumer protection principles. 7.2 Complaint resolution SLA: acknowledgment within 24 hours, resolution target within five (5) business days for payment disputes. 7.3 Escalation path to SBP Banking Services Corporation (BSC) dispute resolution for unresolved banking complaints involving partner institutions.

8.1 Cloud and software vendors undergo due diligence for data security, business continuity, and Pakistan data residency considerations. 8.2 Disaster recovery objectives: RPO 1 hour, RTO 4 hours for payment-critical systems. 8.3 Annual independent security assessments aligned with SBP technology risk management guidelines for DFS providers.