🔒 INTERNAL POLICY — PM-AML-001

Anti-Money Laundering Policy

Reference: PM-AML-001 Version: V1.3 Category: Financial Crime Owner: Compliance Team FCA FRN: 681423

Promise Anti-Money Laundering Policy

Document Reference: PM-POL-596 Version: V1.3 Owner: Compliance Team — Promise Money Next Review Date: [To be confirmed]

Anti-Money Laundering Policy

Persons responsible

Overview

Client Relationships

How this will be done

What action will be taken

Conclusion

SENIOR MANAGEMENT RESPONSIBILITIES	SENIOR MANAGEMENT RESPONSIBILITIES
Senior Manager responsible for Anti-Money Laundering Policy	Steve Walker
Money Laundering Reporting Officer – Investment Business	Steve Walker

OVERVIEW
We are committed to having the necessary systems and controls in place to ensure that we are able to counter the risk that the firm may be used to further financial crime. This will be undertaken in line with FCA Rules - SYSC 3.2.6R to SYSC 3.2.6J G and SYSC 6.3. In addition we are committed to ensuring processes are in place to ensure all clients are accurately risk assessed and that relevant verification procedures are followed at all times to mitigate the risk of our firm being used as a shelter for money laundering. This is covered in our high-level Anti-Money Laundering Procedures and we ensure all relevant staff take appropriate responsibility and have awareness of the requirements set out within those procedures and within our Anti-money Laundering Policy. In particular, Senior Managers should have regard to Senior Manager Conduct Rule SC1– which requires a Senior Manager to take reasonable steps to ensure the business of the firm, for which they are responsible, is organised so that it is controlled effectively. This policy follows on from our procedures and sets out what we do to assess and then manage the money laundering and terrorist financing risks to which we are exposed in relation to our clients, both existing and new, and the types of products transacted. These are the minimum standards we expect all staff to adhere to when carrying out their duties in respect of client due diligence in relation to financial crime.

OVERVIEW

We are committed to having the necessary systems and controls in place to ensure that we are able to counter the risk that the firm may be used to further financial crime. This will be undertaken in line with FCA Rules - SYSC 3.2.6R to SYSC 3.2.6J G and SYSC 6.3. In addition we are committed to ensuring processes are in place to ensure all clients are accurately risk assessed and that relevant verification procedures are followed at all times to mitigate the risk of our firm being used as a shelter for money laundering. This is covered in our high-level Anti-Money Laundering Procedures and we ensure all relevant staff take appropriate responsibility and have awareness of the requirements set out within those procedures and within our Anti-money Laundering Policy. In particular, Senior Managers should have regard to Senior Manager Conduct Rule SC1– which requires a Senior Manager to take reasonable steps to ensure the business of the firm, for which they are responsible, is organised so that it is controlled effectively. This policy follows on from our procedures and sets out what we do to assess and then manage the money laundering and terrorist financing risks to which we are exposed in relation to our clients, both existing and new, and the types of products transacted. These are the minimum standards we expect all staff to adhere to when carrying out their duties in respect of client due diligence in relation to financial crime.

CLIENT RELATIONSHIPS
When entering into a relationship with all new customers we require, as part of the Know Your Client (KYC) process, an assessment of the AML requirements be carried out. This includes giving consideration to the profile of the customer as compared to the profile of the firm’s existing customers, as well as the type of product that the customer is entering into. In other words, risk will be considered in the context of both the individual as well as the product Both Promise and its lenders have an obligation to meet AML requirements. Lenders have more sophisticated and accurate systems and software to verify this information and should be used wherever possible. As packaging partners of these lenders we are provided with access to electronic AML and ID and Sanction Searches to investigate and report on: Voters roll Linked addresses Anti-Money Laundering Profile HM Treasury Sanction Politically Exposed Person (PEP) Customer Due Diligence (CDD) All checks to verify the individual / business / trust should be carried out in accordance with the stated CDD processes and documents as below: In the first instance we should use the selected lenders AML, EID, Sanction search facility to confirm the borrowers pose no risk to our financial crime / AML process. If the above fails we must satisfy ourselves to the identity of the borrowers with a minimum of the following: UK driving Licence or Passport (with necessary rights to reside if not UK) Plus Proof of current residency dated in the past 2 months – bank statement, utility bill (unable to accept online) We must be mindful of each lenders requirements and, should they exceed these minimums, obtain further information as required Promise and the lenders require the above to be certified as originals by Promise or by the introducing broker (who must be FCA authorised) In the absence of a certified copy of the original document from an FCA authorised brokers we must see and certify the originals ourselves. Where an exemption to the verification assessment is requested by a client, it must be agreed in advance with your line manager and the Nominated Lender. Further consideration to the risk of the firm being used to further financial crime will be assessed against the KYC information gathered as part of the fact-finding process, and at the time of product placement. All checks must be applied against the Customer Due Diligence (CDD) requirements set out above, unless the client has been deemed as higher risk, and Enhanced Due Diligence (EDD) must then be applied. For existing clients further checks will be required where verification documents expire or become out-of-date, or where the client changes their address. Enhanced Due Diligence (EDD) The scenarios where EDD needs to be applied for existing clients will be kept constantly under review, as these will be dependent on the changing nature of a customer’s individual circumstances, their occupation and associations, as well as the products which they apply for and / or own. Immediate referral of a Politically Exposed Person (PEP) or a client appearing on the Financial Sanctions register must be made to the Nominated Officer. This will be mandatory. The Financial Sanctions Register can be viewed from the links here: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets PEPs will be assessed following the gathering of KYC information, for more information about politically exposed persons (PEPs) for anti-money laundering purposes the FCA has provided guidance in FG 17/6 published in July 2017. This may be found here: https://www.fca.org.uk/publication/finalised-guidance/fg17-06.pdf The following could be a driver to carry out EDD due to an increase in Money Laundering risk: Clients – individual, business or trust (the customer or beneficial owner) Links to sectors that are associated with higher corruption risk, for example construction, pharmaceuticals and healthcare, arms trade, space or defence industries Do they have links to sectors associated with higher Money Laundering (ML) or Terrorist Financing (TF) risk, such as certain Money Services Businesses, casinos, or dealing in precious metals? Do they have links to sectors that are involved in handling significant amounts of cash? For legal persons (businesses), what is the nature of their business, what is their purpose? Do they have any political connections, is the individual or the beneficial owner, connection or close associate, a Politically Exposed Person (PEP)? Do they hold another public position which may enable them to abuse public office for private gain? Can they influence the awarding of contracts, are they members of high profile sporting bodies or individuals that are known to influence the government or other senior decision makers (perhaps local government)? Is there evidence that they have been subject to supervisory enforcement or sanction for failure to comply with Anti-money Laundering / TF obligations or wider conduct requirements in recent years? Is their background consistent with what the firm knows about their former, current or planned business activity, turnover, the source of funds and their source of wealth? Does the destination of funds raise a concern? Is the individual a non-EU resident? the customer is the beneficiary of a life insurance policy the customer is a third-country national seeking residence rights or citizenship in exchange for transfers of capital, purchase of a property, governments bonds or investment in corporate entities Where business is received on a non-face-to-face basis or via introducers this may add risk. The factors that we take into consideration when assessing how we manage the risk are as follows: For non-face to face customers we will ensure we use reliable forms of CDD (see procedures) Where the customer has been introduced by a third party, we will assess the quality of their CDD, and undertake additional checks as necessary. Reputation (the customer, beneficial owner or close associate(s)) Have there been any adverse reports or information in the media? Have they had their assets frozen due to administrative or criminal proceedings or allegations of terrorism or terrorist financing? Have they been subject to a suspicious activity report in the past? Is there ‘in-house’ information about their integrity, perhaps obtained in the course of a long-standing business relationship? Nature and behaviour (the customer or beneficial owner) These risks may not be apparent at outset but may emerge during the business relationship. Is there any doubt about the reliability or accuracy of their identity? Does the customer have legitimate reasons for being unable to provide robust evidence of their identity? Are there any indications that the customer may seek to avoid the establishment of a business relationship? For example, they are looking to carry out a series of one-off transactions when a business relationship makes more economic sense. For businesses, is the ownership and control structure transparent? Does it make sense? If it is complex, is there an obvious commercial or legal rationale? Where changes have been made to the control structure, are there sound reasons? As a business, could they be used as an asset holding vehicle? Do they request transactions that are complex, unusually or unexpectedly large, or of high frequency? Do they have an unusual or unexpected pattern without apparent purpose? Is there a suspicion that they could be trying to evade certain thresholds? Is an unnecessary or unreasonable level of secrecy being requested? Do they appear to want to disguise the true nature of the business? Source of wealth – can this be easily explained through occupation, inheritance or investments? Have they been using their products and services as expected when the business relationship started? For non-residents – could their needs be better served elsewhere? Is there a sound economic or legal rationale for them requesting the service being sought? Non-profit organisations – could their activities be abused for terrorist financing purposes? With regard to jurisdiction the following risk factors will be taken into consideration, the jurisdiction where the customer or beneficial owner: Is based their main place of business is located; and with which they have relevant personal links. When assessing jurisdictions other than EU / EEA territories, the following additional factors will be taken into consideration: Membership of groups that only admit those meeting a certain benchmark Contextual factors – political stability; level of (endemic) corruption etc. Evidence of relevant (public) criticism of a jurisdiction, including HMT/FATF advisory notices Independent and public assessment of the jurisdiction’s overall AML regime Need for any assessment to be recent Implementation standards (including quality and effectiveness of supervision) Incidence of trade with the jurisdiction – need to be proportionate especially where very small We will also review any UK prohibition and advisory notices issued by HM Treasury – Office of Financial Sanctions Implementation Financial sanctions targets: list of all asset freeze targets - GOV.UK (www.gov.uk) When carrying out Enhance Due Diligence (EDD) the additional following measures can be considered appropriate checks to ensure protection against the suspicion of financial crime activity: Ensuring payments are made from/to a UK or EEA regulated bank account Carrying out detailed KYC to understand source of wealth/funds and where relevant obtain independent verification Regular reviews of the relationship and activities carried out Search of family and business connections Search the internet for adverse media reports/stories A process for assessing ‘novations’ of client banks must be agreed on a case-by-case basis with the MLRO.

CLIENT RELATIONSHIPS

When entering into a relationship with all new customers we require, as part of the Know Your Client (KYC) process, an assessment of the AML requirements be carried out. This includes giving consideration to the profile of the customer as compared to the profile of the firm’s existing customers, as well as the type of product that the customer is entering into. In other words, risk will be considered in the context of both the individual as well as the product Both Promise and its lenders have an obligation to meet AML requirements. Lenders have more sophisticated and accurate systems and software to verify this information and should be used wherever possible. As packaging partners of these lenders we are provided with access to electronic AML and ID and Sanction Searches to investigate and report on: Voters roll Linked addresses Anti-Money Laundering Profile HM Treasury Sanction Politically Exposed Person (PEP) Customer Due Diligence (CDD) All checks to verify the individual / business / trust should be carried out in accordance with the stated CDD processes and documents as below: In the first instance we should use the selected lenders AML, EID, Sanction search facility to confirm the borrowers pose no risk to our financial crime / AML process. If the above fails we must satisfy ourselves to the identity of the borrowers with a minimum of the following: UK driving Licence or Passport (with necessary rights to reside if not UK) Plus Proof of current residency dated in the past 2 months – bank statement, utility bill (unable to accept online) We must be mindful of each lenders requirements and, should they exceed these minimums, obtain further information as required Promise and the lenders require the above to be certified as originals by Promise or by the introducing broker (who must be FCA authorised) In the absence of a certified copy of the original document from an FCA authorised brokers we must see and certify the originals ourselves. Where an exemption to the verification assessment is requested by a client, it must be agreed in advance with your line manager and the Nominated Lender. Further consideration to the risk of the firm being used to further financial crime will be assessed against the KYC information gathered as part of the fact-finding process, and at the time of product placement. All checks must be applied against the Customer Due Diligence (CDD) requirements set out above, unless the client has been deemed as higher risk, and Enhanced Due Diligence (EDD) must then be applied. For existing clients further checks will be required where verification documents expire or become out-of-date, or where the client changes their address. Enhanced Due Diligence (EDD) The scenarios where EDD needs to be applied for existing clients will be kept constantly under review, as these will be dependent on the changing nature of a customer’s individual circumstances, their occupation and associations, as well as the products which they apply for and / or own. Immediate referral of a Politically Exposed Person (PEP) or a client appearing on the Financial Sanctions register must be made to the Nominated Officer. This will be mandatory. The Financial Sanctions Register can be viewed from the links here: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets PEPs will be assessed following the gathering of KYC information, for more information about politically exposed persons (PEPs) for anti-money laundering purposes the FCA has provided guidance in FG 17/6 published in July 2017. This may be found here: https://www.fca.org.uk/publication/finalised-guidance/fg17-06.pdf The following could be a driver to carry out EDD due to an increase in Money Laundering risk: Clients – individual, business or trust (the customer or beneficial owner) Links to sectors that are associated with higher corruption risk, for example construction, pharmaceuticals and healthcare, arms trade, space or defence industries Do they have links to sectors associated with higher Money Laundering (ML) or Terrorist Financing (TF) risk, such as certain Money Services Businesses, casinos, or dealing in precious metals? Do they have links to sectors that are involved in handling significant amounts of cash? For legal persons (businesses), what is the nature of their business, what is their purpose? Do they have any political connections, is the individual or the beneficial owner, connection or close associate, a Politically Exposed Person (PEP)? Do they hold another public position which may enable them to abuse public office for private gain? Can they influence the awarding of contracts, are they members of high profile sporting bodies or individuals that are known to influence the government or other senior decision makers (perhaps local government)? Is there evidence that they have been subject to supervisory enforcement or sanction for failure to comply with Anti-money Laundering / TF obligations or wider conduct requirements in recent years? Is their background consistent with what the firm knows about their former, current or planned business activity, turnover, the source of funds and their source of wealth? Does the destination of funds raise a concern? Is the individual a non-EU resident? the customer is the beneficiary of a life insurance policy the customer is a third-country national seeking residence rights or citizenship in exchange for transfers of capital, purchase of a property, governments bonds or investment in corporate entities Where business is received on a non-face-to-face basis or via introducers this may add risk. The factors that we take into consideration when assessing how we manage the risk are as follows: For non-face to face customers we will ensure we use reliable forms of CDD (see procedures) Where the customer has been introduced by a third party, we will assess the quality of their CDD, and undertake additional checks as necessary. Reputation (the customer, beneficial owner or close associate(s)) Have there been any adverse reports or information in the media? Have they had their assets frozen due to administrative or criminal proceedings or allegations of terrorism or terrorist financing? Have they been subject to a suspicious activity report in the past? Is there ‘in-house’ information about their integrity, perhaps obtained in the course of a long-standing business relationship? Nature and behaviour (the customer or beneficial owner) These risks may not be apparent at outset but may emerge during the business relationship. Is there any doubt about the reliability or accuracy of their identity? Does the customer have legitimate reasons for being unable to provide robust evidence of their identity? Are there any indications that the customer may seek to avoid the establishment of a business relationship? For example, they are looking to carry out a series of one-off transactions when a business relationship makes more economic sense. For businesses, is the ownership and control structure transparent? Does it make sense? If it is complex, is there an obvious commercial or legal rationale? Where changes have been made to the control structure, are there sound reasons? As a business, could they be used as an asset holding vehicle? Do they request transactions that are complex, unusually or unexpectedly large, or of high frequency? Do they have an unusual or unexpected pattern without apparent purpose? Is there a suspicion that they could be trying to evade certain thresholds? Is an unnecessary or unreasonable level of secrecy being requested? Do they appear to want to disguise the true nature of the business? Source of wealth – can this be easily explained through occupation, inheritance or investments? Have they been using their products and services as expected when the business relationship started? For non-residents – could their needs be better served elsewhere? Is there a sound economic or legal rationale for them requesting the service being sought? Non-profit organisations – could their activities be abused for terrorist financing purposes? With regard to jurisdiction the following risk factors will be taken into consideration, the jurisdiction where the customer or beneficial owner: Is based their main place of business is located; and with which they have relevant personal links. When assessing jurisdictions other than EU / EEA territories, the following additional factors will be taken into consideration: Membership of groups that only admit those meeting a certain benchmark Contextual factors – political stability; level of (endemic) corruption etc. Evidence of relevant (public) criticism of a jurisdiction, including HMT/FATF advisory notices Independent and public assessment of the jurisdiction’s overall AML regime Need for any assessment to be recent Implementation standards (including quality and effectiveness of supervision) Incidence of trade with the jurisdiction – need to be proportionate especially where very small We will also review any UK prohibition and advisory notices issued by HM Treasury – Office of Financial Sanctions Implementation Financial sanctions targets: list of all asset freeze targets - GOV.UK (www.gov.uk) When carrying out Enhance Due Diligence (EDD) the additional following measures can be considered appropriate checks to ensure protection against the suspicion of financial crime activity: Ensuring payments are made from/to a UK or EEA regulated bank account Carrying out detailed KYC to understand source of wealth/funds and where relevant obtain independent verification Regular reviews of the relationship and activities carried out Search of family and business connections Search the internet for adverse media reports/stories A process for assessing ‘novations’ of client banks must be agreed on a case-by-case basis with the MLRO.

ENHANCED DUE DILIGENCE - PRODUCTS
The firm categorises products typically as low to medium risk. In assessing the risk we take account of: The level of transparency, the product, service or transaction gives The extent to which the product or service allows anonymity or opaqueness for the customer or a beneficial owner (offshore and certain trusts, legal entities such as foundations, some pooled accounts); The extent to which it is possible for a third party, not part of the business to give instructions. The complexity of the product or service Are transactions straightforward, such as regular payments into a pension fund or are they complex involving multiple parties or jurisdictions? Are overpayments from third parties allowed where this is not normally foreseen, and is the identity of the third party known? Where products are new, or involve new technologies or payment, this is a consideration. The value or size of the product or service The extent to which the products are cash intensive Do they encourage high value transactions, and are any limits imposed that could curtail the use of the product for money laundering or terrorist financing purposes?

ENHANCED DUE DILIGENCE - PRODUCTS

The firm categorises products typically as low to medium risk. In assessing the risk we take account of: The level of transparency, the product, service or transaction gives The extent to which the product or service allows anonymity or opaqueness for the customer or a beneficial owner (offshore and certain trusts, legal entities such as foundations, some pooled accounts); The extent to which it is possible for a third party, not part of the business to give instructions. The complexity of the product or service Are transactions straightforward, such as regular payments into a pension fund or are they complex involving multiple parties or jurisdictions? Are overpayments from third parties allowed where this is not normally foreseen, and is the identity of the third party known? Where products are new, or involve new technologies or payment, this is a consideration. The value or size of the product or service The extent to which the products are cash intensive Do they encourage high value transactions, and are any limits imposed that could curtail the use of the product for money laundering or terrorist financing purposes?

ACTION TO BE TAKEN
All staff must read the Anti-Money Laundering Procedures, and appraise themselves of their responsibilities. All staff will follow the policy in assessing each client, new or existing and in the routine monitoring of existing customers and business written.

Reporting Suspicions
The firm’s procedures include an explanation as to the process that should be followed in the event of a suspicion arising. The individual should, as soon as practicable, complete a Money Laundering Suspicion Report form, place this in a sealed envelope and pass this to the firm’s MLRO, identified earlier. The customer relationship should continue unless informed otherwise by the MLRO. A record of all reports of suspicious activity will be made in the Money Laundering Incident Reporting Register, and the MLRO will determine whether a formal report should be made to the proper authorities. The following guidance from the NCA will be considered when reporting a suspicion: https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/money-laundering-and-illicit-finance/suspicious-activity-reports

Reporting Suspicions

The firm’s procedures include an explanation as to the process that should be followed in the event of a suspicion arising. The individual should, as soon as practicable, complete a Money Laundering Suspicion Report form, place this in a sealed envelope and pass this to the firm’s MLRO, identified earlier. The customer relationship should continue unless informed otherwise by the MLRO. A record of all reports of suspicious activity will be made in the Money Laundering Incident Reporting Register, and the MLRO will determine whether a formal report should be made to the proper authorities. The following guidance from the NCA will be considered when reporting a suspicion: https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/money-laundering-and-illicit-finance/suspicious-activity-reports

Staff Training
Management Commitment Appropriate training will be arranged and carried to ensure staff are aware of and understand: their legal and regulatory responsibilities; the implications of handling criminal property, and; their part in anti-money laundering / terrorist financing risk management. Staff Commitment The firm expects that staff; attend/undertake all necessary training; agree to comply with the firm’s systems & controls; ensure that they understand and implement the procedures; seek clarification if there is something they do not understand; sit a biennial in-house assessment in relation to anti-money laundering requirements; keep up to date with the firm’s anti-money laundering requirements; actively undertake risk assessment while dealing with customers, and; report any suspicions to the MLRO at the first available opportunity. Records Records will be maintained in relation training that will include: dates AML training was given the nature of the training the names of the staff who received training and the results of the tests undertaken by staff, where appropriate.

Staff Training

Management Commitment Appropriate training will be arranged and carried to ensure staff are aware of and understand: their legal and regulatory responsibilities; the implications of handling criminal property, and; their part in anti-money laundering / terrorist financing risk management. Staff Commitment The firm expects that staff; attend/undertake all necessary training; agree to comply with the firm’s systems & controls; ensure that they understand and implement the procedures; seek clarification if there is something they do not understand; sit a biennial in-house assessment in relation to anti-money laundering requirements; keep up to date with the firm’s anti-money laundering requirements; actively undertake risk assessment while dealing with customers, and; report any suspicions to the MLRO at the first available opportunity. Records Records will be maintained in relation training that will include: dates AML training was given the nature of the training the names of the staff who received training and the results of the tests undertaken by staff, where appropriate.

Monitoring Progress and Management Reporting
As part of the firm’s Compliance Planning & Reporting, the MLRO will prepare an annual Anti-Money Laundering Senior Management Report, which will assess the operation and effectiveness of the firm’s systems and controls in relation to managing money laundering risk. As part of this exercise, regular assessments of the adequacy of the firm’s systems and controls will be undertaken to ensure that the money laundering risk is managed effectively.

Monitoring Progress and Management Reporting

As part of the firm’s Compliance Planning & Reporting, the MLRO will prepare an annual Anti-Money Laundering Senior Management Report, which will assess the operation and effectiveness of the firm’s systems and controls in relation to managing money laundering risk. As part of this exercise, regular assessments of the adequacy of the firm’s systems and controls will be undertaken to ensure that the money laundering risk is managed effectively.

CONCLUSION
We take our Anti-Money Laundering responsibilities seriously and will consider disciplinary action in respect of any internal breach of our stated procedures and policy.