AML Policy | CyberPay

AML / CFT Prevention Policy

1. Purpose and Scope
2. Policy Principles
3. Governance and Accountability
4. Enterprise Risk Assessment and Risk Appetite Alignment
5. Customer Due Diligence – Merchants (KYB)
6. Customer Due Diligence – Buyers (KYC) and Auto-Accounts
7. Enhanced Due Diligence (EDD)
8. Sanctions, PEP, and Adverse Media Screening
9. Transaction Monitoring Framework
10. Alerts, Case Management, and Escalation
11. Suspicious Activity Reporting (SAR/STR) and Cooperation
12. Freezing, Refusal, and Exit Management
13. Anti-Bribery & Corruption (ABC) Interface
14. Modern Slavery & Human Trafficking Interface
15. Fraud, Abuse, and Security Signals (Cookie / Device Signals) – Principles-Based
16. Recordkeeping
17. Training and Awareness
18. Independent Testing and Audit
19. Third-Party / Partner Risk Management
20. Travel Rule and Virtual Asset Considerations

1. Purpose and Scope

This policy defines the AML/CFT framework of Apex Advisory Group Ltd (“CyberPay”). It is aligned with FATF principles and designed for bank/PSP onboarding and audits while remaining technology-agnostic. It applies to CyberPay personnel, contractors, and relevant outsourced functions involved in onboarding, monitoring, investigations, and reporting. It covers Merchants (including sub-merchants) and, where appropriate, Buyers/end-customers who interact with CyberPay-enabled checkouts (including auto-created Accounts).

2. Policy Principles

CyberPay’s AML/CFT program is risk-based and principles-driven:

documented risk-based approach across customers/products/geographies
governance and accountability for decisions
proportionate due diligence and monitoring
cooperation with competent authorities and regulated partners
unilateral discretion to refuse/delay/freeze/suspend/terminate for compliance/risk CyberPay does not guarantee detection of all illicit activity and does not commit to specific tools, vendors, thresholds, or “real-time” monitoring.

3. Governance and Accountability

CyberPay maintains oversight through senior management and an appointed compliance function (e.g., Compliance Officer/MLRO):
First line (Onboarding/Operations): collects info, performs initial checks, triages alerts, escalates concerns
Second line (Compliance/MLRO): approves higher-risk cases, oversees investigations, decides SAR/STR filings, maintains procedures
Independent review: periodic testing of controls and remediation tracking

4. Enterprise Risk Assessment and Risk Appetite Alignment

CyberPay maintains an Enterprise Risk Assessment (ERA) reviewed periodically and upon material changes (new rails, markets, partners, products). The Risk Appetite Policy (published separately) defines prohibited/restricted industries and is operationalised via KYB/KYC, monitoring, escalation, and exit controls.

5. Customer Due Diligence – Merchants (KYB)

KYB is applied proportionately and may include:
company registration and corporate documents
ownership/control, beneficial owners, key controllers
authorised signatories
business model, products/services, customer base
expected volumes, corridors, payment methods
source of funds (and source of wealth where appropriate)
screening/adverse media outcomes Enhanced KYB applies to restricted/high-risk categories and complex structures.

6. Customer Due Diligence – Buyers (KYC) and Auto-Accounts

Buyer Accounts may be created at checkout. Verification depth may be staged and increased based on triggers:
value/velocity thresholds (risk-based)
geography/payment method risk
anomalies and screening results CyberPay may rely on third-party verification outputs without prescribing technologies.

7. Enhanced Due Diligence (EDD)

EDD may apply for:
high-risk corridors/jurisdictions
complex/opaque ownership
PEP connections/adverse media
unusual transaction typologies
elevated fraud/dispute signals EDD may include additional documents, senior approval, tighter limits, enhanced monitoring, and partner confirmation.

8. Sanctions, PEP, and Adverse Media Screening

CyberPay screens Merchants and (where appropriate) Buyers at onboarding and may refresh periodically or based on triggers. Potential matches are investigated and dispositioned under documented procedures. Confirmed sanctions exposure leads to refusal/freeze/reporting as required. Tipping-off restrictions may apply.

9. Transaction Monitoring Framework

Monitoring uses proportionate automated and manual review. Illustrative dimensions:
value and velocity anomalies
structuring/smurfing
rapid in/out “cash-out” patterns
round-tripping/circular flows
geographic inconsistencies (device/IP/location vs profile)
name/account mismatches and beneficiary anomalies
repeated failed verification
unusual dispute/chargeback clusters (where applicable)
device fingerprint anomalies and bot signals
merchant behaviour deviations from stated model

10. Alerts, Case Management, and Escalation

Alerts/flags are triaged, investigated, documented, and closed with rationale. Escalation triggers include repeated anomalies, unsatisfactory explanations, elevated typologies, sanctions/PEP concerns, or partner notifications. Outcomes may include enhanced verification, delays, refusal, suspension, termination, and/or reporting.

11. Suspicious Activity Reporting (SAR/STR) and Cooperation

Where suspicion is formed, CyberPay may file SAR/STR reports and cooperate with authorities and regulated partners. CyberPay may respond to lawful information requests from banks/PSPs. Tipping-off restrictions may apply.

12. Freezing, Refusal, and Exit Management

CyberPay may refuse/delay/suspend/freeze/terminate Accounts or Transactions for compliance/fraud/risk reasons. Exit management includes documentation, record preservation, partner notification (where appropriate), and compliant handling of residual settlements.

13. Anti-Bribery & Corruption (ABC) Interface

CyberPay’s ABC Policy is part of the financial crime framework. AML case handling should consider ABC red flags such as unusual intermediaries, off-book requests, undisclosed commissions/kickbacks, or facilitation payment requests. Escalate to Compliance/MLRO and consider EDD/refusal/reporting as appropriate.

14. Modern Slavery & Human Trafficking Interface

CyberPay’s Modern Slavery Statement informs risk controls for certain merchant categories and typologies. Escalate exploitation indicators to Compliance/MLRO and consider refusal/termination/reporting where appropriate.

CyberPay may use session integrity signals, device/behaviour indicators, and risk controls on cashier/checkout pages to prevent abuse and support AML/fraud objectives. CyberPay does not commit to specific technologies.

16. Recordkeeping

CyberPay retains KYB/KYC, screening outcomes, transaction records, monitoring notes, and reporting decisions for legally required periods and as needed for audit and legal defence. Access is restricted to authorised personnel.

17. Training and Awareness

CyberPay provides periodic training tailored to roles, including typologies relevant to APM rails, on-/off-ramp flows, sanctions, and escalation procedures.

18. Independent Testing and Audit

CyberPay conducts periodic independent reviews of AML controls (internal independent function or external reviewers) and tracks remediation.

19. Third-Party / Partner Risk Management

CyberPay relies on banks, PSPs, APM providers, VASPs, and vendors. CyberPay performs risk-based partner due diligence, monitors performance, and aligns contractual expectations where feasible.

20. Travel Rule and Virtual Asset Considerations

Where Travel Rule obligations apply, CyberPay may collect/transmit required originator/beneficiary information through appropriate means consistent with applicable rules and partner requirements, without prescribing specific technology.

Industries

iGaming Forex & Trading Crypto Assets CBD & Wellness Adult & Dating Nutraceuticals Dropshipping

Terms & Policies

Terms of Use AML / CFT Prevention Policy Cookie Policy Risk Appetite Policy Anti-Bribery & Corruption Policy Modern Slavery Human Trafficking Statement Privacy Policy